[gsi-openssh/f20] Based on openssh-6.4p1-6.fc20
Mattias Ellert
ellert at fedoraproject.org
Mon Nov 24 13:07:36 UTC 2014
commit 1dceb5bf5686ed2292d6db431e329c7c551e5285
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Mon Nov 24 14:05:33 2014 +0100
Based on openssh-6.4p1-6.fc20
gsi-openssh.spec | 32 +-
openssh-6.3p1-krb5-use-default_ccache_name.patch | 2 +-
openssh-6.3p1-kuserok.patch | 167 ----
openssh-6.4p1-audit.patch | 299 ++++---
openssh-6.4p1-ignore-SIGXFSZ-in-postauth.patch | 28 +
openssh-6.4p1-kuserok.patch | 291 +++++++
openssh-6.4p1-partial-success.patch | 16 +
openssh-6.4p1-servconf-parser.patch | 31 +
openssh-6.4p1-set_remote_ipaddr.patch | 87 ++
openssh-6.4p1-utf8-banner.patch | 994 ++++++++++++++++++++++
10 files changed, 1655 insertions(+), 292 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index 8663977..0cf6ff1 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
%global ldap 1
%global openssh_ver 6.4p1
-%global openssh_rel 4
+%global openssh_rel 5
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -124,7 +124,7 @@ Patch800: openssh-6.3p1-gsskex.patch
Patch801: openssh-6.3p1-force_krb.patch
Patch900: openssh-6.1p1-gssapi-canohost.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
-Patch901: openssh-6.3p1-kuserok.patch
+Patch901: openssh-6.4p1-kuserok.patch
# use default_ccache_name from /etc/krb5.conf (#991186)
Patch902: openssh-6.3p1-krb5-use-default_ccache_name.patch
# increase the size of the Diffie-Hellman groups (#1010607)
@@ -144,6 +144,22 @@ Patch908: openssh-6.4p1-CVE-2014-2653.patch
Patch909: openssh-6.4p1-ignore-bad-env-var.patch
# standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
Patch910: openssh-6.4p1-NI_MAXHOST.patch
+# set a client's address right after a connection is set
+# http://bugzilla.mindrot.org/show_bug.cgi?id=2257
+Patch911: openssh-6.4p1-set_remote_ipaddr.patch
+# apply RFC3454 stringprep to banners when possible
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2058
+# slightly changed patch from comment 10
+Patch912: openssh-6.4p1-utf8-banner.patch
+# don't consider a partial success as a failure
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2270
+Patch913: openssh-6.4p1-partial-success.patch
+# fix parsing of empty options in sshd_conf
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2281
+Patch914: openssh-6.4p1-servconf-parser.patch
+# Ignore SIGXFSZ in postauth monitor
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2263
+Patch915: openssh-6.4p1-ignore-SIGXFSZ-in-postauth.patch
# This is the patch that adds GSI support
# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.4p1.patch
@@ -172,8 +188,8 @@ BuildRequires: krb5-devel
%if %{gsi}
BuildRequires: globus-gss-assist-devel >= 8
-BuildRequires: globus-gssapi-gsi >= 10
-BuildRequires: globus-common >= 14
+BuildRequires: globus-gssapi-gsi-devel >= 10
+BuildRequires: globus-common-devel >= 14
BuildRequires: globus-usage-devel >= 3
%endif
@@ -300,6 +316,11 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch908 -p1 -b .CVE-2014-2653
%patch909 -p1 -b .bad-env-var
%patch910 -p1 -b .NI_MAXHOST
+%patch911 -p1 -b .set_remote_ipaddr
+%patch912 -p1 -b .utf8-banner
+%patch913 -p1 -b .partial-success
+%patch914 -p1 -b .servconf
+%patch915 -p1 -b .SIGXFSZ
%patch98 -p1 -b .gsi
@@ -513,6 +534,9 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
%changelog
+* Mon Nov 24 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-5
+- Based on openssh-6.4p1-6.fc20
+
* Wed Oct 22 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-4
- Based on openssh-6.4p1-5.fc20
diff --git a/openssh-6.3p1-krb5-use-default_ccache_name.patch b/openssh-6.3p1-krb5-use-default_ccache_name.patch
index b9c8000..dd201a4 100644
--- a/openssh-6.3p1-krb5-use-default_ccache_name.patch
+++ b/openssh-6.3p1-krb5-use-default_ccache_name.patch
@@ -30,7 +30,7 @@ diff -up openssh-6.3p1/auth-krb5.c.ccache_name openssh-6.3p1/auth-krb5.c
+ if (authctxt->krb5_ticket_file[0] == ':')
+ authctxt->krb5_ticket_file++;
+
-+ len = strlen(authctxt->krb5_ticket_file) + strlen(ccache_type);
++ len = strlen(authctxt->krb5_ticket_file) + strlen(ccache_type) + 2;
authctxt->krb5_ccname = xmalloc(len);
- snprintf(authctxt->krb5_ccname, len, "FILE:%s",
+
diff --git a/openssh-6.4p1-audit.patch b/openssh-6.4p1-audit.patch
index 77a6fa4..c1e7dfd 100644
--- a/openssh-6.4p1-audit.patch
+++ b/openssh-6.4p1-audit.patch
@@ -1,7 +1,8 @@
-diff -up openssh-6.3p1/Makefile.in.audit openssh-6.3p1/Makefile.in
---- openssh-6.3p1/Makefile.in.audit 2013-06-11 03:26:10.000000000 +0200
-+++ openssh-6.3p1/Makefile.in 2013-10-07 15:53:34.246717277 +0200
-@@ -73,7 +73,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
+diff --git a/Makefile.in b/Makefile.in
+index 92c95a9..d2f41bd 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -73,7 +73,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
@@ -10,10 +11,11 @@ diff -up openssh-6.3p1/Makefile.in.audit openssh-6.3p1/Makefile.in
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
-diff -up openssh-6.3p1/audit-bsm.c.audit openssh-6.3p1/audit-bsm.c
---- openssh-6.3p1/audit-bsm.c.audit 2012-02-24 00:40:43.000000000 +0100
-+++ openssh-6.3p1/audit-bsm.c 2013-10-07 15:53:34.246717277 +0200
-@@ -375,10 +375,23 @@ audit_connection_from(const char *host,
+diff --git a/audit-bsm.c b/audit-bsm.c
+index 6135591..5160869 100644
+--- a/audit-bsm.c
++++ b/audit-bsm.c
+@@ -375,10 +375,23 @@ audit_connection_from(const char *host, int port)
#endif
}
@@ -38,7 +40,7 @@ diff -up openssh-6.3p1/audit-bsm.c.audit openssh-6.3p1/audit-bsm.c
}
void
-@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li
+@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li)
/* not implemented */
}
@@ -92,9 +94,10 @@ diff -up openssh-6.3p1/audit-bsm.c.audit openssh-6.3p1/audit-bsm.c
+ /* not implemented */
+}
#endif /* BSM */
-diff -up openssh-6.3p1/audit-linux.c.audit openssh-6.3p1/audit-linux.c
---- openssh-6.3p1/audit-linux.c.audit 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-6.3p1/audit-linux.c 2013-10-07 15:53:34.246717277 +0200
+diff --git a/audit-linux.c b/audit-linux.c
+index b3ee2f4..946f7fa 100644
+--- a/audit-linux.c
++++ b/audit-linux.c
@@ -35,13 +35,24 @@
#include "log.h"
@@ -123,7 +126,7 @@ diff -up openssh-6.3p1/audit-linux.c.audit openssh-6.3p1/audit-linux.c
{
int audit_fd, rc, saved_errno;
-@@ -49,11 +60,11 @@ linux_audit_record_event(int uid, const
+@@ -49,11 +60,11 @@ linux_audit_record_event(int uid, const char *username,
if (audit_fd < 0) {
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
errno == EAFNOSUPPORT)
@@ -138,7 +141,7 @@ diff -up openssh-6.3p1/audit-linux.c.audit openssh-6.3p1/audit-linux.c
NULL, "login", username ? username : "(unknown)",
username == NULL ? uid : -1, hostname, ip, ttyn, success);
saved_errno = errno;
-@@ -65,35 +76,150 @@ linux_audit_record_event(int uid, const
+@@ -65,35 +76,150 @@ linux_audit_record_event(int uid, const char *username,
if ((rc == -EPERM) && (geteuid() != 0))
rc = 0;
errno = saved_errno;
@@ -481,9 +484,10 @@ diff -up openssh-6.3p1/audit-linux.c.audit openssh-6.3p1/audit-linux.c
+ error("cannot write into audit");
+}
#endif /* USE_LINUX_AUDIT */
-diff -up openssh-6.3p1/audit.c.audit openssh-6.3p1/audit.c
---- openssh-6.3p1/audit.c.audit 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-6.3p1/audit.c 2013-10-07 15:53:34.246717277 +0200
+diff --git a/audit.c b/audit.c
+index ced57fa..13c6849 100644
+--- a/audit.c
++++ b/audit.c
@@ -28,6 +28,7 @@
#include <stdarg.h>
@@ -502,7 +506,23 @@ diff -up openssh-6.3p1/audit.c.audit openssh-6.3p1/audit.c
/*
* Care must be taken when using this since it WILL NOT be initialized when
-@@ -111,6 +115,40 @@ audit_event_lookup(ssh_audit_event_t ev)
+@@ -71,13 +75,10 @@ audit_classify_auth(const char *method)
+ const char *
+ audit_username(void)
+ {
+- static const char unknownuser[] = "(unknown user)";
+- static const char invaliduser[] = "(invalid user)";
++ static const char unknownuser[] = "(unknown)";
+
+- if (the_authctxt == NULL || the_authctxt->user == NULL)
++ if (the_authctxt == NULL || the_authctxt->user == NULL || !the_authctxt->valid)
+ return (unknownuser);
+- if (!the_authctxt->valid)
+- return (invaliduser);
+ return (the_authctxt->user);
+ }
+
+@@ -111,6 +112,40 @@ audit_event_lookup(ssh_audit_event_t ev)
return(event_lookup[i].name);
}
@@ -543,7 +563,7 @@ diff -up openssh-6.3p1/audit.c.audit openssh-6.3p1/audit.c
# ifndef CUSTOM_SSH_AUDIT_EVENTS
/*
* Null implementations of audit functions.
-@@ -140,6 +178,17 @@ audit_event(ssh_audit_event_t event)
+@@ -140,6 +175,17 @@ audit_event(ssh_audit_event_t event)
}
/*
@@ -561,7 +581,7 @@ diff -up openssh-6.3p1/audit.c.audit openssh-6.3p1/audit.c
* Called when a user session is started. Argument is the tty allocated to
* the session, or NULL if no tty was allocated.
*
-@@ -174,13 +223,91 @@ audit_session_close(struct logininfo *li
+@@ -174,13 +220,91 @@ audit_session_close(struct logininfo *li)
/*
* This will be called when a user runs a non-interactive command. Note that
* it may be called multiple times for a single connection since SSH2 allows
@@ -655,9 +675,10 @@ diff -up openssh-6.3p1/audit.c.audit openssh-6.3p1/audit.c
}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-6.3p1/audit.h.audit openssh-6.3p1/audit.h
---- openssh-6.3p1/audit.h.audit 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-6.3p1/audit.h 2013-10-07 15:53:34.246717277 +0200
+diff --git a/audit.h b/audit.h
+index 92ede5b..a2dc3ff 100644
+--- a/audit.h
++++ b/audit.h
@@ -28,6 +28,7 @@
# define _SSH_AUDIT_H
@@ -693,9 +714,11 @@ diff -up openssh-6.3p1/audit.h.audit openssh-6.3p1/audit.h
+void audit_generate_ephemeral_server_key(const char *);
#endif /* _SSH_AUDIT_H */
-diff -up openssh-6.3p1/auditstub.c.audit openssh-6.3p1/auditstub.c
---- openssh-6.3p1/auditstub.c.audit 2013-10-07 15:53:34.247717272 +0200
-+++ openssh-6.3p1/auditstub.c 2013-10-07 15:53:34.247717272 +0200
+diff --git a/auditstub.c b/auditstub.c
+new file mode 100644
+index 0000000..45817e0
+--- /dev/null
++++ b/auditstub.c
@@ -0,0 +1,50 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+
@@ -747,10 +770,11 @@ diff -up openssh-6.3p1/auditstub.c.audit openssh-6.3p1/auditstub.c
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{
+}
-diff -up openssh-6.3p1/auth-rsa.c.audit openssh-6.3p1/auth-rsa.c
---- openssh-6.3p1/auth-rsa.c.audit 2013-07-18 08:12:44.000000000 +0200
-+++ openssh-6.3p1/auth-rsa.c 2013-10-07 15:53:34.247717272 +0200
-@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
+diff --git a/auth-rsa.c b/auth-rsa.c
+index 545aa49..dee0864 100644
+--- a/auth-rsa.c
++++ b/auth-rsa.c
+@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
{
u_char buf[32], mdbuf[16];
MD5_CTX md;
@@ -762,7 +786,7 @@ diff -up openssh-6.3p1/auth-rsa.c.audit openssh-6.3p1/auth-rsa.c
/* don't allow short keys */
if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-@@ -113,12 +116,18 @@ auth_rsa_verify_response(Key *key, BIGNU
+@@ -113,12 +116,18 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
MD5_Final(mdbuf, &md);
/* Verify that the response is the original challenge. */
@@ -786,10 +810,25 @@ diff -up openssh-6.3p1/auth-rsa.c.audit openssh-6.3p1/auth-rsa.c
}
/*
-diff -up openssh-6.3p1/auth.h.audit openssh-6.3p1/auth.h
---- openssh-6.3p1/auth.h.audit 2013-07-20 05:21:53.000000000 +0200
-+++ openssh-6.3p1/auth.h 2013-10-07 16:02:38.629171107 +0200
-@@ -187,6 +187,7 @@ void abandon_challenge_response(Authctxt
+diff --git a/auth.c b/auth.c
+index 420a85b..d613f8c 100644
+--- a/auth.c
++++ b/auth.c
+@@ -628,9 +628,6 @@ getpwnamallow(const char *user)
+ record_failed_login(user,
+ get_canonical_hostname(options.use_dns), "ssh");
+ #endif
+-#ifdef SSH_AUDIT_EVENTS
+- audit_event(SSH_INVALID_USER);
+-#endif /* SSH_AUDIT_EVENTS */
+ return (NULL);
+ }
+ if (!allowed_user(pw))
+diff --git a/auth.h b/auth.h
+index 80f0898..157c738 100644
+--- a/auth.h
++++ b/auth.h
+@@ -187,6 +187,7 @@ void abandon_challenge_response(Authctxt *);
char *expand_authorized_keys(const char *, struct passwd *pw);
char *authorized_principals_file(struct passwd *);
@@ -805,9 +844,10 @@ diff -up openssh-6.3p1/auth.h.audit openssh-6.3p1/auth.h
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-diff -up openssh-6.3p1/auth2-hostbased.c.audit openssh-6.3p1/auth2-hostbased.c
---- openssh-6.3p1/auth2-hostbased.c.audit 2013-10-07 15:53:34.223717384 +0200
-+++ openssh-6.3p1/auth2-hostbased.c 2013-10-07 15:53:34.247717272 +0200
+diff --git a/auth2-hostbased.c b/auth2-hostbased.c
+index 572b12d..615e4bd 100644
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
@@ -123,7 +123,7 @@ userauth_hostbased(Authctxt *authctxt)
/* test for allowed key and correct signature */
authenticated = 0;
@@ -836,9 +876,10 @@ diff -up openssh-6.3p1/auth2-hostbased.c.audit openssh-6.3p1/auth2-hostbased.c
/* return 1 if given hostkey is allowed */
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-diff -up openssh-6.3p1/auth2-pubkey.c.audit openssh-6.3p1/auth2-pubkey.c
---- openssh-6.3p1/auth2-pubkey.c.audit 2013-10-07 15:53:34.224717379 +0200
-+++ openssh-6.3p1/auth2-pubkey.c 2013-10-08 15:11:42.282436972 +0200
+diff --git a/auth2-pubkey.c b/auth2-pubkey.c
+index 2dfba9e..c3771a3 100644
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
@@ -152,7 +152,7 @@ userauth_pubkey(Authctxt *authctxt)
/* test for correct signature */
authenticated = 0;
@@ -848,7 +889,7 @@ diff -up openssh-6.3p1/auth2-pubkey.c.audit openssh-6.3p1/auth2-pubkey.c
buffer_len(&b))) == 1)
authenticated = 1;
buffer_free(&b);
-@@ -223,6 +223,18 @@ pubkey_auth_info(Authctxt *authctxt, con
+@@ -223,6 +223,18 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
free(extra);
}
@@ -867,10 +908,11 @@ diff -up openssh-6.3p1/auth2-pubkey.c.audit openssh-6.3p1/auth2-pubkey.c
static int
match_principals_option(const char *principal_list, struct KeyCert *cert)
{
-diff -up openssh-6.3p1/auth2.c.audit openssh-6.3p1/auth2.c
---- openssh-6.3p1/auth2.c.audit 2013-06-01 23:41:51.000000000 +0200
-+++ openssh-6.3p1/auth2.c 2013-10-07 15:53:34.248717268 +0200
-@@ -245,9 +245,6 @@ input_userauth_request(int type, u_int32
+diff --git a/auth2.c b/auth2.c
+index f0cab8c..64c03a8 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -245,9 +245,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
} else {
logit("input_userauth_request: invalid user %s", user);
authctxt->pw = fakepw();
@@ -880,10 +922,11 @@ diff -up openssh-6.3p1/auth2.c.audit openssh-6.3p1/auth2.c
}
#ifdef USE_PAM
if (options.use_pam)
-diff -up openssh-6.3p1/cipher.c.audit openssh-6.3p1/cipher.c
---- openssh-6.3p1/cipher.c.audit 2013-10-07 15:53:34.248717268 +0200
-+++ openssh-6.3p1/cipher.c 2013-10-07 16:06:51.117971891 +0200
-@@ -55,18 +55,6 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
+diff --git a/cipher.c b/cipher.c
+index a2cbe2b..02dceec 100644
+--- a/cipher.c
++++ b/cipher.c
+@@ -55,18 +55,6 @@ extern const EVP_CIPHER *evp_ssh1_bf(void);
extern const EVP_CIPHER *evp_ssh1_3des(void);
extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
@@ -902,9 +945,10 @@ diff -up openssh-6.3p1/cipher.c.audit openssh-6.3p1/cipher.c
static const struct Cipher ciphers[] = {
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
-diff -up openssh-6.3p1/cipher.h.audit openssh-6.3p1/cipher.h
---- openssh-6.3p1/cipher.h.audit 2013-04-23 11:24:32.000000000 +0200
-+++ openssh-6.3p1/cipher.h 2013-10-07 15:53:34.248717268 +0200
+diff --git a/cipher.h b/cipher.h
+index b878d50..d4e801b 100644
+--- a/cipher.h
++++ b/cipher.h
@@ -61,7 +61,18 @@
typedef struct Cipher Cipher;
typedef struct CipherContext CipherContext;
@@ -925,9 +969,10 @@ diff -up openssh-6.3p1/cipher.h.audit openssh-6.3p1/cipher.h
struct CipherContext {
int plaintext;
int encrypt;
-diff -up openssh-6.3p1/kex.c.audit openssh-6.3p1/kex.c
---- openssh-6.3p1/kex.c.audit 2013-06-01 23:31:18.000000000 +0200
-+++ openssh-6.3p1/kex.c 2013-10-07 15:53:34.249717264 +0200
+diff --git a/kex.c b/kex.c
+index 54bd1a4..1c617b9 100644
+--- a/kex.c
++++ b/kex.c
@@ -49,6 +49,7 @@
#include "dispatch.h"
#include "monitor.h"
@@ -990,7 +1035,7 @@ diff -up openssh-6.3p1/kex.c.audit openssh-6.3p1/kex.c
}
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
-@@ -656,3 +672,34 @@ dump_digest(char *msg, u_char *digest, i
+@@ -656,3 +672,34 @@ dump_digest(char *msg, u_char *digest, int len)
fprintf(stderr, "\n");
}
#endif
@@ -1025,9 +1070,10 @@ diff -up openssh-6.3p1/kex.c.audit openssh-6.3p1/kex.c
+ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
+}
+
-diff -up openssh-6.3p1/kex.h.audit openssh-6.3p1/kex.h
---- openssh-6.3p1/kex.h.audit 2013-07-20 05:21:53.000000000 +0200
-+++ openssh-6.3p1/kex.h 2013-10-07 15:53:34.249717264 +0200
+diff --git a/kex.h b/kex.h
+index 9f1e1ad..7d81793 100644
+--- a/kex.h
++++ b/kex.h
@@ -162,6 +162,8 @@ void kexgex_server(Kex *);
void kexecdh_client(Kex *);
void kexecdh_server(Kex *);
@@ -1037,9 +1083,10 @@ diff -up openssh-6.3p1/kex.h.audit openssh-6.3p1/kex.h
void
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
-diff -up openssh-6.3p1/key.c.audit openssh-6.3p1/key.c
---- openssh-6.3p1/key.c.audit 2013-10-07 15:53:34.224717379 +0200
-+++ openssh-6.3p1/key.c 2013-10-07 15:53:34.249717264 +0200
+diff --git a/key.c b/key.c
+index 4b10ef4..8c0a47d 100644
+--- a/key.c
++++ b/key.c
@@ -1773,6 +1773,30 @@ key_demote(const Key *k)
}
@@ -1071,9 +1118,10 @@ diff -up openssh-6.3p1/key.c.audit openssh-6.3p1/key.c
key_is_cert(const Key *k)
{
if (k == NULL)
-diff -up openssh-6.3p1/key.h.audit openssh-6.3p1/key.h
---- openssh-6.3p1/key.h.audit 2013-10-07 15:53:34.224717379 +0200
-+++ openssh-6.3p1/key.h 2013-10-07 15:53:34.249717264 +0200
+diff --git a/key.h b/key.h
+index 9d0e7a8..7a5b8f5 100644
+--- a/key.h
++++ b/key.h
@@ -110,6 +110,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *);
int key_type_from_name(char *);
@@ -1082,9 +1130,10 @@ diff -up openssh-6.3p1/key.h.audit openssh-6.3p1/key.h
int key_type_plain(int);
int key_to_certified(Key *, int);
int key_drop_cert(Key *);
-diff -up openssh-6.3p1/mac.c.audit openssh-6.3p1/mac.c
---- openssh-6.3p1/mac.c.audit 2013-06-06 00:12:37.000000000 +0200
-+++ openssh-6.3p1/mac.c 2013-10-07 15:53:34.250717259 +0200
+diff --git a/mac.c b/mac.c
+index c4dfb50..cb53860 100644
+--- a/mac.c
++++ b/mac.c
@@ -224,6 +224,20 @@ mac_clear(Mac *mac)
mac->umac_ctx = NULL;
}
@@ -1106,17 +1155,19 @@ diff -up openssh-6.3p1/mac.c.audit openssh-6.3p1/mac.c
/* XXX copied from ciphers_valid */
#define MAC_SEP ","
int
-diff -up openssh-6.3p1/mac.h.audit openssh-6.3p1/mac.h
---- openssh-6.3p1/mac.h.audit 2013-04-23 11:24:32.000000000 +0200
-+++ openssh-6.3p1/mac.h 2013-10-07 15:53:34.250717259 +0200
+diff --git a/mac.h b/mac.h
+index 260798a..f51508e 100644
+--- a/mac.h
++++ b/mac.h
@@ -29,3 +29,4 @@ int mac_setup(Mac *, char *);
int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
void mac_clear(Mac *);
+void mac_destroy(Mac *);
-diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
---- openssh-6.3p1/monitor.c.audit 2013-10-07 15:53:34.217717411 +0200
-+++ openssh-6.3p1/monitor.c 2013-10-08 15:10:38.270726936 +0200
+diff --git a/monitor.c b/monitor.c
+index b5414ba..e28690e 100644
+--- a/monitor.c
++++ b/monitor.c
@@ -98,6 +98,7 @@
#include "jpake.h"
#include "roaming.h"
@@ -1134,7 +1185,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
/* State exported from the child */
struct {
-@@ -186,6 +189,11 @@ int mm_answer_gss_checkmic(int, Buffer *
+@@ -186,6 +189,11 @@ int mm_answer_gss_checkmic(int, Buffer *);
#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *);
int mm_answer_audit_command(int, Buffer *);
@@ -1146,7 +1197,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
#endif
static int monitor_read_log(struct monitor *);
-@@ -237,6 +245,10 @@ struct mon_table mon_dispatch_proto20[]
+@@ -237,6 +245,10 @@ struct mon_table mon_dispatch_proto20[] = {
#endif
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
@@ -1157,7 +1208,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-@@ -273,6 +285,11 @@ struct mon_table mon_dispatch_postauth20
+@@ -273,6 +285,11 @@ struct mon_table mon_dispatch_postauth20[] = {
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
@@ -1169,7 +1220,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
#endif
{0, 0, NULL}
};
-@@ -304,6 +321,10 @@ struct mon_table mon_dispatch_proto15[]
+@@ -304,6 +321,10 @@ struct mon_table mon_dispatch_proto15[] = {
#endif
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
@@ -1180,7 +1231,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
#endif
{0, 0, NULL}
};
-@@ -315,6 +336,11 @@ struct mon_table mon_dispatch_postauth15
+@@ -315,6 +336,11 @@ struct mon_table mon_dispatch_postauth15[] = {
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
@@ -1254,7 +1305,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);
-@@ -1770,11 +1818,43 @@ mm_answer_audit_command(int socket, Buff
+@@ -1770,11 +1818,43 @@ mm_answer_audit_command(int socket, Buffer *m)
{
u_int len;
char *cmd;
@@ -1299,7 +1350,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
free(cmd);
return (0);
}
-@@ -1910,11 +1990,13 @@ mm_get_keystate(struct monitor *pmonitor
+@@ -1910,11 +1990,13 @@ mm_get_keystate(struct monitor *pmonitor)
blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
@@ -1313,7 +1364,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
free(blob);
/* Now get sequence numbers for the packets */
-@@ -1960,6 +2042,21 @@ mm_get_keystate(struct monitor *pmonitor
+@@ -1960,6 +2042,21 @@ mm_get_keystate(struct monitor *pmonitor)
}
buffer_free(&m);
@@ -1335,7 +1386,7 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
}
-@@ -2361,3 +2458,86 @@ mm_answer_jpake_check_confirm(int sock,
+@@ -2361,3 +2458,86 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
}
#endif /* JPAKE */
@@ -1422,9 +1473,10 @@ diff -up openssh-6.3p1/monitor.c.audit openssh-6.3p1/monitor.c
+ return 0;
+}
+#endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-6.3p1/monitor.h.audit openssh-6.3p1/monitor.h
---- openssh-6.3p1/monitor.h.audit 2012-12-02 23:53:21.000000000 +0100
-+++ openssh-6.3p1/monitor.h 2013-10-07 15:53:34.251717254 +0200
+diff --git a/monitor.h b/monitor.h
+index 2caa469..1a15066 100644
+--- a/monitor.h
++++ b/monitor.h
@@ -68,7 +68,13 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107,
MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109,
@@ -1440,10 +1492,11 @@ diff -up openssh-6.3p1/monitor.h.audit openssh-6.3p1/monitor.h
};
-diff -up openssh-6.4p1/monitor_wrap.c.audit openssh-6.4p1/monitor_wrap.c
---- openssh-6.4p1/monitor_wrap.c.audit 2013-11-08 13:26:47.062595006 +0100
-+++ openssh-6.4p1/monitor_wrap.c 2013-11-08 13:26:47.089594877 +0100
-@@ -433,7 +433,7 @@ mm_key_allowed(enum mm_keytype type, cha
+diff --git a/monitor_wrap.c b/monitor_wrap.c
+index 4940761..75e9cba 100644
+--- a/monitor_wrap.c
++++ b/monitor_wrap.c
+@@ -433,7 +433,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
*/
int
@@ -1452,7 +1505,7 @@ diff -up openssh-6.4p1/monitor_wrap.c.audit openssh-6.4p1/monitor_wrap.c
{
Buffer m;
u_char *blob;
-@@ -447,6 +447,7 @@ mm_key_verify(Key *key, u_char *sig, u_i
+@@ -447,6 +447,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
return (0);
buffer_init(&m);
@@ -1460,7 +1513,7 @@ diff -up openssh-6.4p1/monitor_wrap.c.audit openssh-6.4p1/monitor_wrap.c
buffer_put_string(&m, blob, len);
buffer_put_string(&m, sig, siglen);
buffer_put_string(&m, data, datalen);
-@@ -464,6 +465,19 @@ mm_key_verify(Key *key, u_char *sig, u_i
+@@ -464,6 +465,19 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
return (verified);
}
@@ -1480,7 +1533,7 @@ diff -up openssh-6.4p1/monitor_wrap.c.audit openssh-6.4p1/monitor_wrap.c
/* Export key state after authentication */
Newkeys *
mm_newkeys_from_blob(u_char *blob, int blen)
-@@ -642,12 +656,14 @@ mm_send_keystate(struct monitor *monitor
+@@ -642,12 +656,14 @@ mm_send_keystate(struct monitor *monitor)
fatal("%s: conversion of newkeys failed", __func__);
buffer_put_string(&m, blob, bloblen);
@@ -1508,7 +1561,7 @@ diff -up openssh-6.4p1/monitor_wrap.c.audit openssh-6.4p1/monitor_wrap.c
debug3("%s entering command %s", __func__, command);
-@@ -1202,6 +1219,26 @@ mm_audit_run_command(const char *command
+@@ -1202,6 +1219,26 @@ mm_audit_run_command(const char *command)
buffer_put_cstring(&m, command);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
@@ -1608,10 +1661,11 @@ diff -up openssh-6.4p1/monitor_wrap.c.audit openssh-6.4p1/monitor_wrap.c
+ buffer_free(&m);
+}
+#endif /* SSH_AUDIT_EVENTS */
-diff -up openssh-6.3p1/monitor_wrap.h.audit openssh-6.3p1/monitor_wrap.h
---- openssh-6.3p1/monitor_wrap.h.audit 2011-06-20 06:42:23.000000000 +0200
-+++ openssh-6.3p1/monitor_wrap.h 2013-10-07 15:53:34.252717250 +0200
-@@ -49,7 +49,8 @@ int mm_key_allowed(enum mm_keytype, char
+diff --git a/monitor_wrap.h b/monitor_wrap.h
+index 0c7f2e3..f47c7df 100644
+--- a/monitor_wrap.h
++++ b/monitor_wrap.h
+@@ -49,7 +49,8 @@ int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
int mm_user_key_allowed(struct passwd *, Key *);
int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
@@ -1635,9 +1689,10 @@ diff -up openssh-6.3p1/monitor_wrap.h.audit openssh-6.3p1/monitor_wrap.h
#endif
struct Session;
-diff -up openssh-6.3p1/packet.c.audit openssh-6.3p1/packet.c
---- openssh-6.3p1/packet.c.audit 2013-10-07 15:53:34.231717347 +0200
-+++ openssh-6.3p1/packet.c 2013-10-07 16:08:00.764639577 +0200
+diff --git a/packet.c b/packet.c
+index 776660e..01eb4d1 100644
+--- a/packet.c
++++ b/packet.c
@@ -61,6 +61,7 @@
#include <time.h>
@@ -1834,18 +1889,20 @@ diff -up openssh-6.3p1/packet.c.audit openssh-6.3p1/packet.c
+ backup_state = NULL;
}
+
-diff -up openssh-6.3p1/packet.h.audit openssh-6.3p1/packet.h
---- openssh-6.3p1/packet.h.audit 2013-07-18 08:12:45.000000000 +0200
-+++ openssh-6.3p1/packet.h 2013-10-07 15:53:34.252717250 +0200
+diff --git a/packet.h b/packet.h
+index f8edf85..c36c812 100644
+--- a/packet.h
++++ b/packet.h
@@ -124,4 +124,5 @@ void packet_restore_state(void);
void *packet_get_input(void);
void *packet_get_output(void);
+void packet_destroy_all(int, int);
#endif /* PACKET_H */
-diff -up openssh-6.3p1/session.c.audit openssh-6.3p1/session.c
---- openssh-6.3p1/session.c.audit 2013-07-20 05:21:53.000000000 +0200
-+++ openssh-6.3p1/session.c 2013-10-07 16:03:43.975861636 +0200
+diff --git a/session.c b/session.c
+index d4b57bd..4279af5 100644
+--- a/session.c
++++ b/session.c
@@ -137,7 +137,7 @@ extern int log_stderr;
extern int debug_flag;
extern u_int utmp_len;
@@ -1855,7 +1912,7 @@ diff -up openssh-6.3p1/session.c.audit openssh-6.3p1/session.c
extern Buffer loginmsg;
/* original command from peer. */
-@@ -745,6 +745,14 @@ do_exec_pty(Session *s, const char *comm
+@@ -745,6 +745,14 @@ do_exec_pty(Session *s, const char *command)
/* Parent. Close the slave side of the pseudo tty. */
close(ttyfd);
@@ -1892,7 +1949,7 @@ diff -up openssh-6.3p1/session.c.audit openssh-6.3p1/session.c
#endif
if (s->ttyfd != -1)
ret = do_exec_pty(s, command);
-@@ -1642,7 +1654,10 @@ do_child(Session *s, const char *command
+@@ -1642,7 +1654,10 @@ do_child(Session *s, const char *command)
int r = 0;
/* remove hostkey from the child's memory */
@@ -1912,7 +1969,7 @@ diff -up openssh-6.3p1/session.c.audit openssh-6.3p1/session.c
sessions[id].next_unused = sessions_first_unused;
sessions_first_unused = id;
}
-@@ -1951,6 +1967,19 @@ session_open(Authctxt *authctxt, int cha
+@@ -1951,6 +1967,19 @@ session_open(Authctxt *authctxt, int chanid)
}
Session *
@@ -1932,7 +1989,7 @@ diff -up openssh-6.3p1/session.c.audit openssh-6.3p1/session.c
session_by_tty(char *tty)
{
int i;
-@@ -2467,6 +2496,30 @@ session_exit_message(Session *s, int sta
+@@ -2467,6 +2496,30 @@ session_exit_message(Session *s, int status)
chan_write_failed(c);
}
@@ -1997,9 +2054,10 @@ diff -up openssh-6.3p1/session.c.audit openssh-6.3p1/session.c
- session_destroy_all(session_pty_cleanup2);
+ session_destroy_all(do_cleanup_one_session);
}
-diff -up openssh-6.3p1/session.h.audit openssh-6.3p1/session.h
---- openssh-6.3p1/session.h.audit 2008-05-19 07:34:50.000000000 +0200
-+++ openssh-6.3p1/session.h 2013-10-07 15:53:34.253717245 +0200
+diff --git a/session.h b/session.h
+index cbb8e3a..fc6a7d3 100644
+--- a/session.h
++++ b/session.h
@@ -60,6 +60,12 @@ struct Session {
char *name;
char *val;
@@ -2024,9 +2082,10 @@ diff -up openssh-6.3p1/session.h.audit openssh-6.3p1/session.h
Session *session_by_tty(char *);
void session_close(Session *);
void do_setusercontext(struct passwd *);
-diff -up openssh-6.3p1/sshd.c.audit openssh-6.3p1/sshd.c
---- openssh-6.3p1/sshd.c.audit 2013-10-07 15:53:34.221717393 +0200
-+++ openssh-6.3p1/sshd.c 2013-10-07 15:53:34.254717240 +0200
+diff --git a/sshd.c b/sshd.c
+index 5b8a432..c792495 100644
+--- a/sshd.c
++++ b/sshd.c
@@ -119,6 +119,7 @@
#endif
#include "monitor_wrap.h"
@@ -2060,7 +2119,7 @@ diff -up openssh-6.3p1/sshd.c.audit openssh-6.3p1/sshd.c
static void
close_startup_pipes(void)
{
-@@ -550,22 +560,47 @@ sshd_exchange_identification(int sock_in
+@@ -550,22 +560,47 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
}
@@ -2177,7 +2236,7 @@ diff -up openssh-6.3p1/sshd.c.audit openssh-6.3p1/sshd.c
monitor_child_postauth(pmonitor);
/* NEVERREACHED */
-@@ -1178,6 +1235,7 @@ server_accept_loop(int *sock_in, int *so
+@@ -1178,6 +1235,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
diff --git a/openssh-6.4p1-ignore-SIGXFSZ-in-postauth.patch b/openssh-6.4p1-ignore-SIGXFSZ-in-postauth.patch
new file mode 100644
index 0000000..be77aeb
--- /dev/null
+++ b/openssh-6.4p1-ignore-SIGXFSZ-in-postauth.patch
@@ -0,0 +1,28 @@
+diff --git a/ChangeLog b/ChangeLog
+index 7bcd596..3a0d993 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,9 @@
++20140823
++ - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
++ lastlog writing on platforms with high UIDs; bz#2263
++ - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
++ monitor, not preauth; bz#2263
++
+ 20140703
+ - OpenBSD CVS Sync
+ - djm at cvs.openbsd.org 2014/07/03 03:34:09
+diff --git a/monitor.c b/monitor.c
+index 453bea3..9dadb4d 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -524,6 +524,9 @@ monitor_child_postauth(struct monitor *pmonitor)
+ signal(SIGHUP, &monitor_child_handler);
+ signal(SIGTERM, &monitor_child_handler);
+ signal(SIGINT, &monitor_child_handler);
++#ifdef SIGXFSZ
++ signal(SIGXFSZ, SIG_IGN);
++#endif
+
+ if (compat20) {
+ mon_dispatch = mon_dispatch_postauth20;
diff --git a/openssh-6.4p1-kuserok.patch b/openssh-6.4p1-kuserok.patch
new file mode 100644
index 0000000..4a5b7f8
--- /dev/null
+++ b/openssh-6.4p1-kuserok.patch
@@ -0,0 +1,291 @@
+diff --git a/auth-krb5.c b/auth-krb5.c
+index 7c83f59..966b4cb 100644
+--- a/auth-krb5.c
++++ b/auth-krb5.c
+@@ -54,6 +54,21 @@
+
+ extern ServerOptions options;
+
++int
++ssh_krb5_kuserok(krb5_context krb5_ctx, krb5_principal krb5_user, const char *client,
++ int k5login_exists)
++{
++ if (options.use_kuserok || !k5login_exists)
++ return krb5_kuserok(krb5_ctx, krb5_user, client);
++ else {
++ char kuser[65];
++
++ if (krb5_aname_to_localname(krb5_ctx, krb5_user, sizeof(kuser), kuser))
++ return 0;
++ return strcmp(kuser, client) == 0;
++ }
++}
++
+ static int
+ krb5_init(void *context)
+ {
+@@ -157,7 +172,9 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
+ if (problem)
+ goto out;
+
+- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) {
++ /* Use !options.use_kuserok here to make ssh_krb5_kuserok() not
++ * depend on the existance of .k5login */
++ if (!ssh_krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client, !options.use_kuserok)) {
+ problem = -1;
+ goto out;
+ }
+diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
+index b4d479e..a9326a7 100644
+--- a/gss-serv-krb5.c
++++ b/gss-serv-krb5.c
+@@ -67,6 +67,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_principal, const char *, const char *,
+ int);
+
+ static krb5_context krb_context = NULL;
++extern int ssh_krb5_kuserok(krb5_context, krb5_principal, const char *, int);
+
+ /* Initialise the krb5 library, for the stuff that GSSAPI won't do */
+
+@@ -92,6 +93,103 @@ ssh_gssapi_krb5_init(void)
+ * Returns true if the user is OK to log in, otherwise returns 0
+ */
+
++/* The purpose of the function is to find out if a Kerberos principal is
++ * allowed to log in as the given local user. This is a general problem with
++ * Kerberized services because by design the Kerberos principals are
++ * completely independent from the local user names. This is one of the
++ * reasons why Kerberos is working well on different operating systems like
++ * Windows and UNIX/Linux. Nevertheless a relationship between a Kerberos
++ * principal and a local user name must be established because otherwise every
++ * access would be granted for every principal with a valid ticket.
++ *
++ * Since it is a general issue libkrb5 provides some functions for
++ * applications to find out about the relationship between the Kerberos
++ * principal and a local user name. They are krb5_kuserok() and
++ * krb5_aname_to_localname().
++ *
++ * krb5_kuserok() can be used to "Determine if a principal is authorized to
++ * log in as a local user" (from the MIT Kerberos documentation of this
++ * function). Which is exactly what we are looking for and should be the
++ * preferred choice. It accepts the Kerberos principal and a local user name
++ * and let libkrb5 or its plugins determine if they relate to each other or
++ * not.
++ *
++ * krb5_aname_to_localname() can use used to "Convert a principal name to a
++ * local name" (from the MIT Kerberos documentation of this function). It
++ * accepts a Kerberos principle and returns a local name and it is up to the
++ * application to do any additional checks. There are two issues using
++ * krb5_aname_to_localname(). First, since POSIX user names are case
++ * sensitive, the calling application in general has no other choice than
++ * doing a case-sensitive string comparison between the name returned by
++ * krb5_aname_to_localname() and the name used at the login prompt. When the
++ * users are provided by a case in-sensitive server, e.g. Active Directory,
++ * this might lead to login failures because the user typing the name at the
++ * login prompt might not be aware of the right case. Another issue might be
++ * caused if there are multiple alias names available for a single user. E.g.
++ * the canonical name of a user is user at group.department.example.com but there
++ * exists a shorter login name, e.g. user at example.com, to safe typing at the
++ * login prompt. Here krb5_aname_to_localname() can only return the canonical
++ * name, but if the short alias is used at the login prompt authentication
++ * will fail as well. All this can be avoided by using krb5_kuserok() and
++ * configuring krb5.conf or using a suitable plugin to meet the needs of the
++ * given environment.
++ *
++ * The Fedora and RHEL version of openssh contain two patches which modify the
++ * access control behavior:
++ * - openssh-6.6p1-kuserok.patch
++ * - openssh-6.6p1-force_krb.patch
++ *
++ * openssh-6.6p1-kuserok.patch adds a new option KerberosUseKuserok for
++ * sshd_config which controls if krb5_kuserok() is used to check if the
++ * principle is authorized or if krb5_aname_to_localname() should be used.
++ * The reason to add this patch was that krb5_kuserok() by default checks if
++ * a .k5login file exits in the users home-directory. With this the user can
++ * give access to his account for any given principal which might be
++ * in violation with company policies and it would be useful if this can be
++ * rejected. Nevertheless the patch ignores the fact that krb5_kuserok() does
++ * no only check .k5login but other sources as well and checking .k5login can
++ * be disabled for all applications in krb5.conf as well. With this new
++ * option KerberosUseKuserok set to 'no' (and this is the default for RHEL7
++ * and Fedora 21) openssh can only use krb5_aname_to_localname() with the
++ * restrictions mentioned above.
++ *
++ * openssh-6.6p1-force_krb.patch adds a ksu like behaviour to ssh, i.e. when
++ * using GSSAPI authentication only commands configured in the .k5user can be
++ * executed. Here the wrong assumption that krb5_kuserok() only checks
++ * .k5login is made as well. In contrast ksu checks .k5login directly and
++ * does not use krb5_kuserok() which might be more useful for the given
++ * purpose. Additionally this patch is not synced with
++ * openssh-6.6p1-kuserok.patch.
++ *
++ * The current patch tries to restore the usage of krb5_kuserok() so that e.g.
++ * localauth plugins can be used. It does so by adding a forth parameter to
++ * ssh_krb5_kuserok() which indicates whether .k5login exists or not. If it
++ * does not exists krb5_kuserok() is called even if KerberosUseKuserok is set
++ * to 'no' because the intent of the option is to not check .k5login and if it
++ * does not exists krb5_kuserok() returns a result without checking .k5login.
++ * If .k5login does exists and KerberosUseKuserok is 'no' we fall back to
++ * krb5_aname_to_localname(). This is in my point of view an acceptable
++ * limitation and does not break the current behaviour.
++ *
++ * Additionally with this patch ssh_krb5_kuserok() is called in
++ * ssh_gssapi_krb5_cmdok() instead of only krb5_aname_to_localname() is
++ * neither .k5login nor .k5users exists to allow plugin evaluation via
++ * krb5_kuserok() as well.
++ *
++ * I tried to keep the patch as minimal as possible, nevertheless I see some
++ * areas for improvement which, if they make sense, have to be evaluated
++ * carefully because they might change existing behaviour and cause breaks
++ * during upgrade:
++ * - I wonder if disabling .k5login usage make sense in sshd or if it should
++ * be better disabled globally in krb5.conf
++ * - if really needed openssh-6.6p1-kuserok.patch should be fixed to really
++ * only disable checking .k5login and maybe .k5users
++ * - the ksu behaviour should be configurable and maybe check the .k5login and
++ * .k5users files directly like ksu itself does
++ * - to make krb5_aname_to_localname() more useful an option for sshd to use
++ * the canonical name (the one returned by getpwnam()) instead of the name
++ * given at the login prompt might be useful */
++
+ static int
+ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+ {
+@@ -116,7 +214,8 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+ /* NOTE: .k5login and .k5users must opened as root, not the user,
+ * because if they are on a krb5-protected filesystem, user credentials
+ * to access these files aren't available yet. */
+- if (krb5_kuserok(krb_context, princ, name) && k5login_exists) {
++ if (ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)
++ && k5login_exists) {
+ retval = 1;
+ logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
+ name, (char *)client->displayname.value);
+@@ -171,9 +270,8 @@ ssh_gssapi_krb5_cmdok(krb5_principal principal, const char *name,
+ snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir);
+ /* If both .k5login and .k5users DNE, self-login is ok. */
+ if (!k5login_exists && (access(file, F_OK) == -1)) {
+- return (krb5_aname_to_localname(krb_context, principal,
+- sizeof(kuser), kuser) == 0) &&
+- (strcmp(kuser, luser) == 0);
++ return ssh_krb5_kuserok(krb_context, principal, luser,
++ k5login_exists);
+ }
+ if ((fp = fopen(file, "r")) == NULL) {
+ int saved_errno = errno;
+diff --git a/servconf.c b/servconf.c
+index 277b2bd..1e88905 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
+ options->version_addendum = NULL;
++ options->use_kuserok = -1;
+ }
+
+ void
+@@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options)
+ options->version_addendum = xstrdup("");
+ if (options->show_patchlevel == -1)
+ options->show_patchlevel = 0;
++ if (options->use_kuserok == -1)
++ options->use_kuserok = 1;
+
+ /* Turn privilege separation on by default */
+ if (use_privsep == -1)
+@@ -336,7 +339,7 @@ typedef enum {
+ sPermitRootLogin, sLogFacility, sLogLevel,
+ sRhostsRSAAuthentication, sRSAAuthentication,
+ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+- sKerberosGetAFSToken,
++ sKerberosGetAFSToken, sKerberosUseKuserok,
+ sKerberosTgtPassing, sChallengeResponseAuthentication,
+ sPasswordAuthentication, sKbdInteractiveAuthentication,
+ sListenAddress, sAddressFamily,
+@@ -409,11 +412,13 @@ static struct {
+ #else
+ { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
+ #endif
++ { "kerberosusekuserok", sKerberosUseKuserok, SSHCFG_ALL },
+ #else
+ { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
+ { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
+ { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
+ { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
++ { "kerberosusekuserok", sUnsupported, SSHCFG_ALL },
+ #endif
+ { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
+ { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
+@@ -1515,6 +1520,10 @@ process_server_config_line(ServerOptions *options, char *line,
+ *activep = value;
+ break;
+
++ case sKerberosUseKuserok:
++ intptr = &options->use_kuserok;
++ goto parse_flag;
++
+ case sPermitOpen:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+@@ -1815,6 +1824,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
+ M_CP_INTOPT(max_authtries);
+ M_CP_INTOPT(ip_qos_interactive);
+ M_CP_INTOPT(ip_qos_bulk);
++ M_CP_INTOPT(use_kuserok);
+ M_CP_INTOPT(rekey_limit);
+ M_CP_INTOPT(rekey_interval);
+
+@@ -2055,6 +2065,7 @@ dump_config(ServerOptions *o)
+ dump_cfg_fmtint(sUseDNS, o->use_dns);
+ dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
++ dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
+
+ /* string arguments */
+ dump_cfg_string(sPidFile, o->pid_file);
+diff --git a/servconf.h b/servconf.h
+index 57752cb..615aaba 100644
+--- a/servconf.h
++++ b/servconf.h
+@@ -174,6 +174,7 @@ typedef struct {
+
+ int num_permitted_opens;
+
++ int use_kuserok;
+ char *chroot_directory;
+ char *revoked_keys_file;
+ char *trusted_user_ca_keys;
+diff -up openssh-6.3p1/sshd_config.5.kuserok openssh-6.3p1/sshd_config.5
+--- openssh-6.3p1/sshd_config.5.kuserok 2013-10-11 21:41:42.898087571 +0200
++++ openssh-6.3p1/sshd_config.5 2013-10-11 21:41:42.907087528 +0200
+@@ -675,6 +675,10 @@ Specifies whether to automatically destr
+ file on logout.
+ The default is
+ .Dq yes .
++.It Cm KerberosUseKuserok
++Specifies whether to look at .k5login file for user's aliases.
++The default is
++.Dq yes .
+ .It Cm KexAlgorithms
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+@@ -833,6 +837,7 @@ Available keywords are
+ .Cm HostbasedUsesNameFromPacketOnly ,
+ .Cm KbdInteractiveAuthentication ,
+ .Cm KerberosAuthentication ,
++.Cm KerberosUseKuserok ,
+ .Cm MaxAuthTries ,
+ .Cm MaxSessions ,
+ .Cm PasswordAuthentication ,
+diff -up openssh-6.3p1/sshd_config.kuserok openssh-6.3p1/sshd_config
+--- openssh-6.3p1/sshd_config.kuserok 2013-10-11 21:41:42.898087571 +0200
++++ openssh-6.3p1/sshd_config 2013-10-11 21:41:42.907087528 +0200
+@@ -86,6 +86,7 @@ ChallengeResponseAuthentication no
+ #KerberosOrLocalPasswd yes
+ #KerberosTicketCleanup yes
+ #KerberosGetAFSToken no
++#KerberosUseKuserok yes
+
+ # GSSAPI options
+ #GSSAPIAuthentication no
diff --git a/openssh-6.4p1-partial-success.patch b/openssh-6.4p1-partial-success.patch
new file mode 100644
index 0000000..f16794f
--- /dev/null
+++ b/openssh-6.4p1-partial-success.patch
@@ -0,0 +1,16 @@
+diff --git a/auth2.c b/auth2.c
+index 06b672c..8cb9a97 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -377,8 +377,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
+ authctxt->success = 1;
+ } else {
+
+- /* Allow initial try of "none" auth without failure penalty */
+- if (!authctxt->server_caused_failure &&
++ /* Allow initial try of "none" auth without failure penalty
++ * Partial succes is not failure */
++ if (!authctxt->server_caused_failure && !partial &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
diff --git a/openssh-6.4p1-servconf-parser.patch b/openssh-6.4p1-servconf-parser.patch
new file mode 100644
index 0000000..2456123
--- /dev/null
+++ b/openssh-6.4p1-servconf-parser.patch
@@ -0,0 +1,31 @@
+diff --git a/servconf.c b/servconf.c
+index 1e88905..f20504b 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -1562,7 +1562,7 @@ process_server_config_line(ServerOptions *options, char *line,
+ break;
+
+ case sForceCommand:
+- if (cp == NULL)
++ if (cp == NULL || *cp == '\0')
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ len = strspn(cp, WHITESPACE);
+@@ -1607,7 +1607,7 @@ process_server_config_line(ServerOptions *options, char *line,
+ break;
+
+ case sVersionAddendum:
+- if (cp == NULL)
++ if (cp == NULL || *cp == '\0')
+ fatal("%.200s line %d: Missing argument.", filename,
+ linenum);
+ len = strspn(cp, WHITESPACE);
+@@ -1642,6 +1642,8 @@ process_server_config_line(ServerOptions *options, char *line,
+ break;
+
+ case sAuthenticationMethods:
++ if (cp == NULL || *cp == '\0')
++ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (*activep && options->num_auth_methods == 0) {
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (options->num_auth_methods >=
diff --git a/openssh-6.4p1-set_remote_ipaddr.patch b/openssh-6.4p1-set_remote_ipaddr.patch
new file mode 100644
index 0000000..a7d8816
--- /dev/null
+++ b/openssh-6.4p1-set_remote_ipaddr.patch
@@ -0,0 +1,87 @@
+diff --git a/canohost.c b/canohost.c
+index f5cb854..c53cc39 100644
+--- a/canohost.c
++++ b/canohost.c
+@@ -343,6 +343,21 @@ clear_cached_addr(void)
+ cached_port = -1;
+ }
+
++void set_remote_ipaddr(void) {
++ if (canonical_host_ip != NULL)
++ free(canonical_host_ip);
++
++ if (packet_connection_is_on_socket()) {
++ canonical_host_ip =
++ get_peer_ipaddr(packet_get_connection_in());
++ if (canonical_host_ip == NULL)
++ cleanup_exit(255);
++ } else {
++ /* If not on socket, return UNKNOWN. */
++ canonical_host_ip = xstrdup("UNKNOWN");
++ }
++}
++
+ /*
+ * Returns the IP-address of the remote host as a string. The returned
+ * string must not be freed.
+@@ -352,17 +367,9 @@ const char *
+ get_remote_ipaddr(void)
+ {
+ /* Check whether we have cached the ipaddr. */
+- if (canonical_host_ip == NULL) {
+- if (packet_connection_is_on_socket()) {
+- canonical_host_ip =
+- get_peer_ipaddr(packet_get_connection_in());
+- if (canonical_host_ip == NULL)
+- cleanup_exit(255);
+- } else {
+- /* If not on socket, return UNKNOWN. */
+- canonical_host_ip = xstrdup("UNKNOWN");
+- }
+- }
++ if (canonical_host_ip == NULL)
++ set_remote_ipaddr();
++
+ return canonical_host_ip;
+ }
+
+diff --git a/canohost.h b/canohost.h
+index 4c8636f..4079953 100644
+--- a/canohost.h
++++ b/canohost.h
+@@ -13,6 +13,7 @@
+ */
+
+ const char *get_canonical_hostname(int);
++void set_remote_ipaddr(void);
+ const char *get_remote_ipaddr(void);
+ const char *get_remote_name_or_ip(u_int, int);
+
+diff --git a/sshconnect.c b/sshconnect.c
+index 4d8c718..b0b4870 100644
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -61,6 +61,7 @@
+ #include "roaming.h"
+ #include "ssh2.h"
+ #include "version.h"
++#include "canohost.h"
+
+ char *client_version_string = NULL;
+ char *server_version_string = NULL;
+@@ -172,6 +173,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
+ packet_set_connection(pout[0], pin[1]);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
++ set_remote_ipaddr();
+
+ /* Indicate OK return */
+ return 0;
+@@ -433,6 +435,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
+ packet_set_connection(sock, sock);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
++ set_remote_ipaddr();
+
+ return 0;
+ }
diff --git a/openssh-6.4p1-utf8-banner.patch b/openssh-6.4p1-utf8-banner.patch
new file mode 100644
index 0000000..d41b436
--- /dev/null
+++ b/openssh-6.4p1-utf8-banner.patch
@@ -0,0 +1,994 @@
+diff --git a/Makefile.in b/Makefile.in
+index a82bb07..2c0ada8 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -79,7 +79,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
+ kexgssc.o \
+ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+- jpake.o schnorr.o ssh-pkcs11.o krl.o auditstub.o
++ jpake.o schnorr.o ssh-pkcs11.o krl.o auditstub.o utf8_stringprep.o
+
+ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o mux.o \
+diff --git a/misc.h b/misc.h
+index fceb306..379f7f3 100644
+--- a/misc.h
++++ b/misc.h
+@@ -104,4 +104,7 @@ char *read_passphrase(const char *, int);
+ int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+ int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
+
++/* utf8_stringprep.c */
++int utf8_stringprep(const char *, char *, size_t);
++
+ #endif /* _MISC_H */
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 3179d82..c74644a 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -33,6 +33,8 @@
+
+ #include <errno.h>
+ #include <fcntl.h>
++#include <langinfo.h>
++#include <locale.h>
+ #include <netdb.h>
+ #include <pwd.h>
+ #include <signal.h>
+@@ -542,21 +544,51 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt)
+ "type %d", type);
+ }
+
++/* Check whether we can display UTF-8 safely */
++static int
++utf8_ok(void)
++{
++ static int ret = -1;
++ char *cp;
++
++ if (ret == -1) {
++ setlocale(LC_CTYPE, "");
++ cp = nl_langinfo(CODESET);
++ ret = strcmp(cp, "UTF-8") == 0;
++ }
++ return ret;
++}
++
+ /* ARGSUSED */
+ void
+ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
+ {
+ char *msg, *raw, *lang;
+- u_int len;
++ u_int done, len;
+
+ debug3("input_userauth_banner");
++
+ raw = packet_get_string(&len);
+ lang = packet_get_string(NULL);
+ if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
+ if (len > 65536)
+ len = 65536;
+ msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+- strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
++ done = 0;
++ if (utf8_ok()) {
++ if (utf8_stringprep(raw, msg, len * 4 + 1) == 0)
++ done = 1;
++ else
++ debug2("%s: UTF8 stringprep failed", __func__);
++ }
++ /*
++ * Fallback to strnvis if UTF8 display not supported or
++ * conversion failed.
++ */
++ if (!done) {
++ strnvis(msg, raw, len * 4 + 1,
++ VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
++ }
+ fprintf(stderr, "%s", msg);
+ free(msg);
+ }
+diff --git a/stringprep-tables.c b/stringprep-tables.c
+new file mode 100644
+index 0000000..49f4d9d
+--- /dev/null
++++ b/stringprep-tables.c
+@@ -0,0 +1,661 @@
++/* Public domain. */
++
++/* $OpenBSD$ */
++
++/*
++ * Tables for RFC3454 stringprep algorithm, updated with a table of allocated
++ * characters generated from Unicode.6.2's UnicodeData.txt
++ *
++ * Intended to be included directly from utf8_stringprep.c
++ */
++
++/* Unassigned characters in Unicode 6.2 */
++static const struct u32_range unassigned[] = {
++ { 0x0378, 0x0379 },
++ { 0x037F, 0x0383 },
++ { 0x038B, 0x038B },
++ { 0x038D, 0x038D },
++ { 0x03A2, 0x03A2 },
++ { 0x0528, 0x0530 },
++ { 0x0557, 0x0558 },
++ { 0x0560, 0x0560 },
++ { 0x0588, 0x0588 },
++ { 0x058B, 0x058E },
++ { 0x0590, 0x0590 },
++ { 0x05C8, 0x05CF },
++ { 0x05EB, 0x05EF },
++ { 0x05F5, 0x05FF },
++ { 0x0605, 0x0605 },
++ { 0x061C, 0x061D },
++ { 0x070E, 0x070E },
++ { 0x074B, 0x074C },
++ { 0x07B2, 0x07BF },
++ { 0x07FB, 0x07FF },
++ { 0x082E, 0x082F },
++ { 0x083F, 0x083F },
++ { 0x085C, 0x085D },
++ { 0x085F, 0x089F },
++ { 0x08A1, 0x08A1 },
++ { 0x08AD, 0x08E3 },
++ { 0x08FF, 0x08FF },
++ { 0x0978, 0x0978 },
++ { 0x0980, 0x0980 },
++ { 0x0984, 0x0984 },
++ { 0x098D, 0x098E },
++ { 0x0991, 0x0992 },
++ { 0x09A9, 0x09A9 },
++ { 0x09B1, 0x09B1 },
++ { 0x09B3, 0x09B5 },
++ { 0x09BA, 0x09BB },
++ { 0x09C5, 0x09C6 },
++ { 0x09C9, 0x09CA },
++ { 0x09CF, 0x09D6 },
++ { 0x09D8, 0x09DB },
++ { 0x09DE, 0x09DE },
++ { 0x09E4, 0x09E5 },
++ { 0x09FC, 0x0A00 },
++ { 0x0A04, 0x0A04 },
++ { 0x0A0B, 0x0A0E },
++ { 0x0A11, 0x0A12 },
++ { 0x0A29, 0x0A29 },
++ { 0x0A31, 0x0A31 },
++ { 0x0A34, 0x0A34 },
++ { 0x0A37, 0x0A37 },
++ { 0x0A3A, 0x0A3B },
++ { 0x0A3D, 0x0A3D },
++ { 0x0A43, 0x0A46 },
++ { 0x0A49, 0x0A4A },
++ { 0x0A4E, 0x0A50 },
++ { 0x0A52, 0x0A58 },
++ { 0x0A5D, 0x0A5D },
++ { 0x0A5F, 0x0A65 },
++ { 0x0A76, 0x0A80 },
++ { 0x0A84, 0x0A84 },
++ { 0x0A8E, 0x0A8E },
++ { 0x0A92, 0x0A92 },
++ { 0x0AA9, 0x0AA9 },
++ { 0x0AB1, 0x0AB1 },
++ { 0x0AB4, 0x0AB4 },
++ { 0x0ABA, 0x0ABB },
++ { 0x0AC6, 0x0AC6 },
++ { 0x0ACA, 0x0ACA },
++ { 0x0ACE, 0x0ACF },
++ { 0x0AD1, 0x0ADF },
++ { 0x0AE4, 0x0AE5 },
++ { 0x0AF2, 0x0B00 },
++ { 0x0B04, 0x0B04 },
++ { 0x0B0D, 0x0B0E },
++ { 0x0B11, 0x0B12 },
++ { 0x0B29, 0x0B29 },
++ { 0x0B31, 0x0B31 },
++ { 0x0B34, 0x0B34 },
++ { 0x0B3A, 0x0B3B },
++ { 0x0B45, 0x0B46 },
++ { 0x0B49, 0x0B4A },
++ { 0x0B4E, 0x0B55 },
++ { 0x0B58, 0x0B5B },
++ { 0x0B5E, 0x0B5E },
++ { 0x0B64, 0x0B65 },
++ { 0x0B78, 0x0B81 },
++ { 0x0B84, 0x0B84 },
++ { 0x0B8B, 0x0B8D },
++ { 0x0B91, 0x0B91 },
++ { 0x0B96, 0x0B98 },
++ { 0x0B9B, 0x0B9B },
++ { 0x0B9D, 0x0B9D },
++ { 0x0BA0, 0x0BA2 },
++ { 0x0BA5, 0x0BA7 },
++ { 0x0BAB, 0x0BAD },
++ { 0x0BBA, 0x0BBD },
++ { 0x0BC3, 0x0BC5 },
++ { 0x0BC9, 0x0BC9 },
++ { 0x0BCE, 0x0BCF },
++ { 0x0BD1, 0x0BD6 },
++ { 0x0BD8, 0x0BE5 },
++ { 0x0BFB, 0x0C00 },
++ { 0x0C04, 0x0C04 },
++ { 0x0C0D, 0x0C0D },
++ { 0x0C11, 0x0C11 },
++ { 0x0C29, 0x0C29 },
++ { 0x0C34, 0x0C34 },
++ { 0x0C3A, 0x0C3C },
++ { 0x0C45, 0x0C45 },
++ { 0x0C49, 0x0C49 },
++ { 0x0C4E, 0x0C54 },
++ { 0x0C57, 0x0C57 },
++ { 0x0C5A, 0x0C5F },
++ { 0x0C64, 0x0C65 },
++ { 0x0C70, 0x0C77 },
++ { 0x0C80, 0x0C81 },
++ { 0x0C84, 0x0C84 },
++ { 0x0C8D, 0x0C8D },
++ { 0x0C91, 0x0C91 },
++ { 0x0CA9, 0x0CA9 },
++ { 0x0CB4, 0x0CB4 },
++ { 0x0CBA, 0x0CBB },
++ { 0x0CC5, 0x0CC5 },
++ { 0x0CC9, 0x0CC9 },
++ { 0x0CCE, 0x0CD4 },
++ { 0x0CD7, 0x0CDD },
++ { 0x0CDF, 0x0CDF },
++ { 0x0CE4, 0x0CE5 },
++ { 0x0CF0, 0x0CF0 },
++ { 0x0CF3, 0x0D01 },
++ { 0x0D04, 0x0D04 },
++ { 0x0D0D, 0x0D0D },
++ { 0x0D11, 0x0D11 },
++ { 0x0D3B, 0x0D3C },
++ { 0x0D45, 0x0D45 },
++ { 0x0D49, 0x0D49 },
++ { 0x0D4F, 0x0D56 },
++ { 0x0D58, 0x0D5F },
++ { 0x0D64, 0x0D65 },
++ { 0x0D76, 0x0D78 },
++ { 0x0D80, 0x0D81 },
++ { 0x0D84, 0x0D84 },
++ { 0x0D97, 0x0D99 },
++ { 0x0DB2, 0x0DB2 },
++ { 0x0DBC, 0x0DBC },
++ { 0x0DBE, 0x0DBF },
++ { 0x0DC7, 0x0DC9 },
++ { 0x0DCB, 0x0DCE },
++ { 0x0DD5, 0x0DD5 },
++ { 0x0DD7, 0x0DD7 },
++ { 0x0DE0, 0x0DF1 },
++ { 0x0DF5, 0x0E00 },
++ { 0x0E3B, 0x0E3E },
++ { 0x0E5C, 0x0E80 },
++ { 0x0E83, 0x0E83 },
++ { 0x0E85, 0x0E86 },
++ { 0x0E89, 0x0E89 },
++ { 0x0E8B, 0x0E8C },
++ { 0x0E8E, 0x0E93 },
++ { 0x0E98, 0x0E98 },
++ { 0x0EA0, 0x0EA0 },
++ { 0x0EA4, 0x0EA4 },
++ { 0x0EA6, 0x0EA6 },
++ { 0x0EA8, 0x0EA9 },
++ { 0x0EAC, 0x0EAC },
++ { 0x0EBA, 0x0EBA },
++ { 0x0EBE, 0x0EBF },
++ { 0x0EC5, 0x0EC5 },
++ { 0x0EC7, 0x0EC7 },
++ { 0x0ECE, 0x0ECF },
++ { 0x0EDA, 0x0EDB },
++ { 0x0EE0, 0x0EFF },
++ { 0x0F48, 0x0F48 },
++ { 0x0F6D, 0x0F70 },
++ { 0x0F98, 0x0F98 },
++ { 0x0FBD, 0x0FBD },
++ { 0x0FCD, 0x0FCD },
++ { 0x0FDB, 0x0FFF },
++ { 0x10C6, 0x10C6 },
++ { 0x10C8, 0x10CC },
++ { 0x10CE, 0x10CF },
++ { 0x1249, 0x1249 },
++ { 0x124E, 0x124F },
++ { 0x1257, 0x1257 },
++ { 0x1259, 0x1259 },
++ { 0x125E, 0x125F },
++ { 0x1289, 0x1289 },
++ { 0x128E, 0x128F },
++ { 0x12B1, 0x12B1 },
++ { 0x12B6, 0x12B7 },
++ { 0x12BF, 0x12BF },
++ { 0x12C1, 0x12C1 },
++ { 0x12C6, 0x12C7 },
++ { 0x12D7, 0x12D7 },
++ { 0x1311, 0x1311 },
++ { 0x1316, 0x1317 },
++ { 0x135B, 0x135C },
++ { 0x137D, 0x137F },
++ { 0x139A, 0x139F },
++ { 0x13F5, 0x13FF },
++ { 0x169D, 0x169F },
++ { 0x16F1, 0x16FF },
++ { 0x170D, 0x170D },
++ { 0x1715, 0x171F },
++ { 0x1737, 0x173F },
++ { 0x1754, 0x175F },
++ { 0x176D, 0x176D },
++ { 0x1771, 0x1771 },
++ { 0x1774, 0x177F },
++ { 0x17DE, 0x17DF },
++ { 0x17EA, 0x17EF },
++ { 0x17FA, 0x17FF },
++ { 0x180F, 0x180F },
++ { 0x181A, 0x181F },
++ { 0x1878, 0x187F },
++ { 0x18AB, 0x18AF },
++ { 0x18F6, 0x18FF },
++ { 0x191D, 0x191F },
++ { 0x192C, 0x192F },
++ { 0x193C, 0x193F },
++ { 0x1941, 0x1943 },
++ { 0x196E, 0x196F },
++ { 0x1975, 0x197F },
++ { 0x19AC, 0x19AF },
++ { 0x19CA, 0x19CF },
++ { 0x19DB, 0x19DD },
++ { 0x1A1C, 0x1A1D },
++ { 0x1A5F, 0x1A5F },
++ { 0x1A7D, 0x1A7E },
++ { 0x1A8A, 0x1A8F },
++ { 0x1A9A, 0x1A9F },
++ { 0x1AAE, 0x1AFF },
++ { 0x1B4C, 0x1B4F },
++ { 0x1B7D, 0x1B7F },
++ { 0x1BF4, 0x1BFB },
++ { 0x1C38, 0x1C3A },
++ { 0x1C4A, 0x1C4C },
++ { 0x1C80, 0x1CBF },
++ { 0x1CC8, 0x1CCF },
++ { 0x1CF7, 0x1CFF },
++ { 0x1DE7, 0x1DFB },
++ { 0x1F16, 0x1F17 },
++ { 0x1F1E, 0x1F1F },
++ { 0x1F46, 0x1F47 },
++ { 0x1F4E, 0x1F4F },
++ { 0x1F58, 0x1F58 },
++ { 0x1F5A, 0x1F5A },
++ { 0x1F5C, 0x1F5C },
++ { 0x1F5E, 0x1F5E },
++ { 0x1F7E, 0x1F7F },
++ { 0x1FB5, 0x1FB5 },
++ { 0x1FC5, 0x1FC5 },
++ { 0x1FD4, 0x1FD5 },
++ { 0x1FDC, 0x1FDC },
++ { 0x1FF0, 0x1FF1 },
++ { 0x1FF5, 0x1FF5 },
++ { 0x1FFF, 0x1FFF },
++ { 0x2065, 0x2069 },
++ { 0x2072, 0x2073 },
++ { 0x208F, 0x208F },
++ { 0x209D, 0x209F },
++ { 0x20BB, 0x20CF },
++ { 0x20F1, 0x20FF },
++ { 0x218A, 0x218F },
++ { 0x23F4, 0x23FF },
++ { 0x2427, 0x243F },
++ { 0x244B, 0x245F },
++ { 0x2700, 0x2700 },
++ { 0x2B4D, 0x2B4F },
++ { 0x2B5A, 0x2BFF },
++ { 0x2C2F, 0x2C2F },
++ { 0x2C5F, 0x2C5F },
++ { 0x2CF4, 0x2CF8 },
++ { 0x2D26, 0x2D26 },
++ { 0x2D28, 0x2D2C },
++ { 0x2D2E, 0x2D2F },
++ { 0x2D68, 0x2D6E },
++ { 0x2D71, 0x2D7E },
++ { 0x2D97, 0x2D9F },
++ { 0x2DA7, 0x2DA7 },
++ { 0x2DAF, 0x2DAF },
++ { 0x2DB7, 0x2DB7 },
++ { 0x2DBF, 0x2DBF },
++ { 0x2DC7, 0x2DC7 },
++ { 0x2DCF, 0x2DCF },
++ { 0x2DD7, 0x2DD7 },
++ { 0x2DDF, 0x2DDF },
++ { 0x2E3C, 0x2E7F },
++ { 0x2E9A, 0x2E9A },
++ { 0x2EF4, 0x2EFF },
++ { 0x2FD6, 0x2FEF },
++ { 0x2FFC, 0x2FFF },
++ { 0x3040, 0x3040 },
++ { 0x3097, 0x3098 },
++ { 0x3100, 0x3104 },
++ { 0x312E, 0x3130 },
++ { 0x318F, 0x318F },
++ { 0x31BB, 0x31BF },
++ { 0x31E4, 0x31EF },
++ { 0x321F, 0x321F },
++ { 0x32FF, 0x32FF },
++ { 0x4DB6, 0x4DBF },
++ { 0x9FA6, 0x9FCB },
++ { 0x9FCD, 0x9FFF },
++ { 0xA48D, 0xA48F },
++ { 0xA4C7, 0xA4CF },
++ { 0xA62C, 0xA63F },
++ { 0xA698, 0xA69E },
++ { 0xA6F8, 0xA6FF },
++ { 0xA78F, 0xA78F },
++ { 0xA794, 0xA79F },
++ { 0xA7AB, 0xA7F7 },
++ { 0xA82C, 0xA82F },
++ { 0xA83A, 0xA83F },
++ { 0xA878, 0xA87F },
++ { 0xA8C5, 0xA8CD },
++ { 0xA8DA, 0xA8DF },
++ { 0xA8FC, 0xA8FF },
++ { 0xA954, 0xA95E },
++ { 0xA97D, 0xA97F },
++ { 0xA9CE, 0xA9CE },
++ { 0xA9DA, 0xA9DD },
++ { 0xA9E0, 0xA9FF },
++ { 0xAA37, 0xAA3F },
++ { 0xAA4E, 0xAA4F },
++ { 0xAA5A, 0xAA5B },
++ { 0xAA7C, 0xAA7F },
++ { 0xAAC3, 0xAADA },
++ { 0xAAF7, 0xAB00 },
++ { 0xAB07, 0xAB08 },
++ { 0xAB0F, 0xAB10 },
++ { 0xAB17, 0xAB1F },
++ { 0xAB27, 0xAB27 },
++ { 0xAB2F, 0xABBF },
++ { 0xABEE, 0xABEF },
++ { 0xABFA, 0xABFF },
++ { 0xD7A4, 0xD7AF },
++ { 0xD7C7, 0xD7CA },
++ { 0xD7FC, 0xD7FF },
++ { 0xFA6E, 0xFA6F },
++ { 0xFADA, 0xFAFF },
++ { 0xFB07, 0xFB12 },
++ { 0xFB18, 0xFB1C },
++ { 0xFB37, 0xFB37 },
++ { 0xFB3D, 0xFB3D },
++ { 0xFB3F, 0xFB3F },
++ { 0xFB42, 0xFB42 },
++ { 0xFB45, 0xFB45 },
++ { 0xFBC2, 0xFBD2 },
++ { 0xFD40, 0xFD4F },
++ { 0xFD90, 0xFD91 },
++ { 0xFDC8, 0xFDCF },
++ { 0xFDFE, 0xFDFF },
++ { 0xFE1A, 0xFE1F },
++ { 0xFE27, 0xFE2F },
++ { 0xFE53, 0xFE53 },
++ { 0xFE67, 0xFE67 },
++ { 0xFE6C, 0xFE6F },
++ { 0xFE75, 0xFE75 },
++ { 0xFEFD, 0xFEFE },
++ { 0xFF00, 0xFF00 },
++ { 0xFFBF, 0xFFC1 },
++ { 0xFFC8, 0xFFC9 },
++ { 0xFFD0, 0xFFD1 },
++ { 0xFFD8, 0xFFD9 },
++ { 0xFFDD, 0xFFDF },
++ { 0xFFE7, 0xFFE7 },
++ { 0xFFEF, 0xFFF8 },
++ { 0x1000C, 0x1000C },
++ { 0x10027, 0x10027 },
++ { 0x1003B, 0x1003B },
++ { 0x1003E, 0x1003E },
++ { 0x1004E, 0x1004F },
++ { 0x1005E, 0x1007F },
++ { 0x100FB, 0x100FF },
++ { 0x10103, 0x10106 },
++ { 0x10134, 0x10136 },
++ { 0x1018B, 0x1018F },
++ { 0x1019C, 0x101CF },
++ { 0x101FE, 0x1027F },
++ { 0x1029D, 0x1029F },
++ { 0x102D1, 0x102FF },
++ { 0x1031F, 0x1031F },
++ { 0x10324, 0x1032F },
++ { 0x1034B, 0x1037F },
++ { 0x1039E, 0x1039E },
++ { 0x103C4, 0x103C7 },
++ { 0x103D6, 0x103FF },
++ { 0x1049E, 0x1049F },
++ { 0x104AA, 0x107FF },
++ { 0x10806, 0x10807 },
++ { 0x10809, 0x10809 },
++ { 0x10836, 0x10836 },
++ { 0x10839, 0x1083B },
++ { 0x1083D, 0x1083E },
++ { 0x10856, 0x10856 },
++ { 0x10860, 0x108FF },
++ { 0x1091C, 0x1091E },
++ { 0x1093A, 0x1093E },
++ { 0x10940, 0x1097F },
++ { 0x109B8, 0x109BD },
++ { 0x109C0, 0x109FF },
++ { 0x10A04, 0x10A04 },
++ { 0x10A07, 0x10A0B },
++ { 0x10A14, 0x10A14 },
++ { 0x10A18, 0x10A18 },
++ { 0x10A34, 0x10A37 },
++ { 0x10A3B, 0x10A3E },
++ { 0x10A48, 0x10A4F },
++ { 0x10A59, 0x10A5F },
++ { 0x10A80, 0x10AFF },
++ { 0x10B36, 0x10B38 },
++ { 0x10B56, 0x10B57 },
++ { 0x10B73, 0x10B77 },
++ { 0x10B80, 0x10BFF },
++ { 0x10C49, 0x10E5F },
++ { 0x10E7F, 0x10FFF },
++ { 0x1104E, 0x11051 },
++ { 0x11070, 0x1107F },
++ { 0x110C2, 0x110CF },
++ { 0x110E9, 0x110EF },
++ { 0x110FA, 0x110FF },
++ { 0x11135, 0x11135 },
++ { 0x11144, 0x1117F },
++ { 0x111C9, 0x111CF },
++ { 0x111DA, 0x1167F },
++ { 0x116B8, 0x116BF },
++ { 0x116CA, 0x11FFF },
++ { 0x1236F, 0x123FF },
++ { 0x12463, 0x1246F },
++ { 0x12474, 0x12FFF },
++ { 0x1342F, 0x167FF },
++ { 0x16A39, 0x16EFF },
++ { 0x16F45, 0x16F4F },
++ { 0x16F7F, 0x16F8E },
++ { 0x16FA0, 0x1AFFF },
++ { 0x1B002, 0x1CFFF },
++ { 0x1D0F6, 0x1D0FF },
++ { 0x1D127, 0x1D128 },
++ { 0x1D1DE, 0x1D1FF },
++ { 0x1D246, 0x1D2FF },
++ { 0x1D357, 0x1D35F },
++ { 0x1D372, 0x1D3FF },
++ { 0x1D455, 0x1D455 },
++ { 0x1D49D, 0x1D49D },
++ { 0x1D4A0, 0x1D4A1 },
++ { 0x1D4A3, 0x1D4A4 },
++ { 0x1D4A7, 0x1D4A8 },
++ { 0x1D4AD, 0x1D4AD },
++ { 0x1D4BA, 0x1D4BA },
++ { 0x1D4BC, 0x1D4BC },
++ { 0x1D4C4, 0x1D4C4 },
++ { 0x1D506, 0x1D506 },
++ { 0x1D50B, 0x1D50C },
++ { 0x1D515, 0x1D515 },
++ { 0x1D51D, 0x1D51D },
++ { 0x1D53A, 0x1D53A },
++ { 0x1D53F, 0x1D53F },
++ { 0x1D545, 0x1D545 },
++ { 0x1D547, 0x1D549 },
++ { 0x1D551, 0x1D551 },
++ { 0x1D6A6, 0x1D6A7 },
++ { 0x1D7CC, 0x1D7CD },
++ { 0x1D800, 0x1EDFF },
++ { 0x1EE04, 0x1EE04 },
++ { 0x1EE20, 0x1EE20 },
++ { 0x1EE23, 0x1EE23 },
++ { 0x1EE25, 0x1EE26 },
++ { 0x1EE28, 0x1EE28 },
++ { 0x1EE33, 0x1EE33 },
++ { 0x1EE38, 0x1EE38 },
++ { 0x1EE3A, 0x1EE3A },
++ { 0x1EE3C, 0x1EE41 },
++ { 0x1EE43, 0x1EE46 },
++ { 0x1EE48, 0x1EE48 },
++ { 0x1EE4A, 0x1EE4A },
++ { 0x1EE4C, 0x1EE4C },
++ { 0x1EE50, 0x1EE50 },
++ { 0x1EE53, 0x1EE53 },
++ { 0x1EE55, 0x1EE56 },
++ { 0x1EE58, 0x1EE58 },
++ { 0x1EE5A, 0x1EE5A },
++ { 0x1EE5C, 0x1EE5C },
++ { 0x1EE5E, 0x1EE5E },
++ { 0x1EE60, 0x1EE60 },
++ { 0x1EE63, 0x1EE63 },
++ { 0x1EE65, 0x1EE66 },
++ { 0x1EE6B, 0x1EE6B },
++ { 0x1EE73, 0x1EE73 },
++ { 0x1EE78, 0x1EE78 },
++ { 0x1EE7D, 0x1EE7D },
++ { 0x1EE7F, 0x1EE7F },
++ { 0x1EE8A, 0x1EE8A },
++ { 0x1EE9C, 0x1EEA0 },
++ { 0x1EEA4, 0x1EEA4 },
++ { 0x1EEAA, 0x1EEAA },
++ { 0x1EEBC, 0x1EEEF },
++ { 0x1EEF2, 0x1EFFF },
++ { 0x1F02C, 0x1F02F },
++ { 0x1F094, 0x1F09F },
++ { 0x1F0AF, 0x1F0B0 },
++ { 0x1F0BF, 0x1F0C0 },
++ { 0x1F0D0, 0x1F0D0 },
++ { 0x1F0E0, 0x1F0FF },
++ { 0x1F10B, 0x1F10F },
++ { 0x1F12F, 0x1F12F },
++ { 0x1F16C, 0x1F16F },
++ { 0x1F19B, 0x1F1E5 },
++ { 0x1F203, 0x1F20F },
++ { 0x1F23B, 0x1F23F },
++ { 0x1F249, 0x1F24F },
++ { 0x1F252, 0x1F2FF },
++ { 0x1F321, 0x1F32F },
++ { 0x1F336, 0x1F336 },
++ { 0x1F37D, 0x1F37F },
++ { 0x1F394, 0x1F39F },
++ { 0x1F3C5, 0x1F3C5 },
++ { 0x1F3CB, 0x1F3DF },
++ { 0x1F3F1, 0x1F3FF },
++ { 0x1F43F, 0x1F43F },
++ { 0x1F441, 0x1F441 },
++ { 0x1F4F8, 0x1F4F8 },
++ { 0x1F4FD, 0x1F4FF },
++ { 0x1F53E, 0x1F53F },
++ { 0x1F544, 0x1F54F },
++ { 0x1F568, 0x1F5FA },
++ { 0x1F641, 0x1F644 },
++ { 0x1F650, 0x1F67F },
++ { 0x1F6C6, 0x1F6FF },
++ { 0x1F774, 0x1FFFD },
++ { 0x2A6D7, 0x2A6FF },
++ { 0x2A701, 0x2B733 },
++ { 0x2B735, 0x2B73F },
++ { 0x2B741, 0x2B81C },
++ { 0x2B81E, 0x2F7FF },
++ { 0x2FA1E, 0x2FFFD },
++ { 0x30000, 0x3FFFD },
++ { 0x40000, 0x4FFFD },
++ { 0x50000, 0x5FFFD },
++ { 0x60000, 0x6FFFD },
++ { 0x70000, 0x7FFFD },
++ { 0x80000, 0x8FFFD },
++ { 0x90000, 0x9FFFD },
++ { 0xA0000, 0xAFFFD },
++ { 0xB0000, 0xBFFFD },
++ { 0xC0000, 0xCFFFD },
++ { 0xD0000, 0xDFFFD },
++ { 0xE0000, 0xE0000 },
++ { 0xE0002, 0xE001F },
++ { 0xE0080, 0xE00FF },
++ { 0xE01F0, 0xEFFFD },
++};
++
++/* RFC3454 Table B.1 */
++static const struct u32_range map_to_nothing[] = {
++ { 0x00AD, 0x00AD },
++ { 0x034F, 0x034F },
++ { 0x1806, 0x1806 },
++ { 0x180B, 0x180D },
++ { 0x200B, 0x200D },
++ { 0x2060, 0x2060 },
++ { 0xFE00, 0xFE0F },
++ { 0xFEFF, 0xFEFF },
++};
++
++/* Local: allow tab, CR and LF */
++static const struct u32_range whitelist[] = {
++ { 0x09, 0x09 },
++ { 0x0a, 0x0a },
++ { 0x0d, 0x0d },
++};
++
++/* RFC3454 Tables in appendix C */
++static const struct u32_range prohibited[] = {
++ /* C.2.1 ASCII control characters */
++ { 0x0000, 0x001F },
++ { 0x007F, 0x007F },
++ /* C.2.2 Non-ASCII control characters */
++ { 0x0080, 0x009F },
++ { 0x06DD, 0x06DD },
++ { 0x070F, 0x070F },
++ { 0x180E, 0x180E },
++ { 0x200C, 0x200C },
++ { 0x200D, 0x200D },
++ { 0x2028, 0x2028 },
++ { 0x2029, 0x2029 },
++ { 0x2060, 0x2060 },
++ { 0x2061, 0x2061 },
++ { 0x2062, 0x2062 },
++ { 0x2063, 0x2063 },
++ { 0x206A, 0x206F },
++ { 0xFEFF, 0xFEFF },
++ { 0xFFF9, 0xFFFC },
++ { 0x1D173, 0x1D17A },
++ /* C.3 Private use */
++ { 0xE000, 0xF8FF },
++ { 0xF0000, 0xFFFFD },
++ { 0x100000, 0x10FFFD },
++ /* C.4 Non-character code points */
++ { 0xFDD0, 0xFDEF },
++ { 0xFFFE, 0xFFFF },
++ { 0x1FFFE, 0x1FFFF },
++ { 0x2FFFE, 0x2FFFF },
++ { 0x3FFFE, 0x3FFFF },
++ { 0x4FFFE, 0x4FFFF },
++ { 0x5FFFE, 0x5FFFF },
++ { 0x6FFFE, 0x6FFFF },
++ { 0x7FFFE, 0x7FFFF },
++ { 0x8FFFE, 0x8FFFF },
++ { 0x9FFFE, 0x9FFFF },
++ { 0xAFFFE, 0xAFFFF },
++ { 0xBFFFE, 0xBFFFF },
++ { 0xCFFFE, 0xCFFFF },
++ { 0xDFFFE, 0xDFFFF },
++ { 0xEFFFE, 0xEFFFF },
++ { 0xFFFFE, 0xFFFFF },
++ { 0x10FFFE, 0x10FFFF },
++ /* C.5 Surrogate codes */
++ { 0xD800, 0xDFFF },
++ /* C.6 Inappropriate for plain text */
++ { 0xFFF9, 0xFFF9 },
++ { 0xFFFA, 0xFFFA },
++ { 0xFFFB, 0xFFFB },
++ { 0xFFFC, 0xFFFC },
++ { 0xFFFD, 0xFFFD },
++ /* C.7 Inappropriate for canonical representation */
++ { 0x2FF0, 0x2FFB },
++ /* C.8 Change display properties or are deprecated */
++ { 0x0340, 0x0340 },
++ { 0x0341, 0x0341 },
++ { 0x200E, 0x200E },
++ { 0x200F, 0x200F },
++ { 0x202A, 0x202A },
++ { 0x202B, 0x202B },
++ { 0x202C, 0x202C },
++ { 0x202D, 0x202D },
++ { 0x202E, 0x202E },
++ { 0x206A, 0x206A },
++ { 0x206B, 0x206B },
++ { 0x206C, 0x206C },
++ { 0x206D, 0x206D },
++ { 0x206E, 0x206E },
++ { 0x206F, 0x206F },
++ /* C.9 Tagging characters */
++ { 0xE0001, 0xE0001 },
++ { 0xE0020, 0xE007F },
++};
++
+diff --git a/utf8_stringprep.c b/utf8_stringprep.c
+new file mode 100644
+index 0000000..bcafae7
+--- /dev/null
++++ b/utf8_stringprep.c
+@@ -0,0 +1,229 @@
++/*
++ * Copyright (c) 2013 Damien Miller <djm at mindrot.org>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++/*
++ * This is a simple RFC3454 stringprep profile to sanitise UTF-8 strings
++ * from untrusted sources.
++ *
++ * It is intended to be used prior to display of untrusted strings only.
++ * It should not be used for logging because of bi-di ambiguity. It
++ * should also not be used in any case where lack of normalisation may
++ * cause problems.
++ *
++ * This profile uses the prohibition and mapping tables from RFC3454
++ * (listed below) but the unassigned character table has been updated to
++ * Unicode 6.2. It uses a local whitelist of whitespace characters (\n,
++ * \a and \t). Unicode normalisation and bi-di testing are not used.
++ *
++ * XXX: implement bi-di handling (needed for logs)
++ * XXX: implement KC normalisation (needed for passing to libs/syscalls)
++ */
++
++#include <sys/types.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <limits.h>
++#include <ctype.h>
++
++#include "misc.h"
++
++struct u32_range {
++ u_int32_t lo, hi; /* Inclusive */
++};
++
++#include "stringprep-tables.c"
++
++/* Returns 1 if code 'c' appears in the table or 0 otherwise */
++static int
++code_in_table(u_int32_t c, const struct u32_range *table, size_t tlen)
++{
++ const struct u32_range *e, *end = (void *)(tlen + (char *)table);
++
++ for (e = table; e < end; e++) {
++ if (c >= e->lo && c <= e->hi)
++ return 1;
++ }
++ return 0;
++}
++
++/*
++ * Decode the next valid UCS character from a UTF-8 string, skipping past bad
++ * codes. Returns the decoded character or 0 for end-of-string and updates
++ * nextc to point to the start of the next character (if any).
++ * had_error is set if an invalid code was encountered.
++ */
++static u_int32_t
++decode_utf8(const char *in, const char **nextc, int *had_error)
++{
++ int state = 0;
++ size_t i;
++ u_int32_t c, e;
++
++ e = c = 0;
++ for (i = 0; in[i] != '\0'; i++) {
++ e = (u_char)in[i];
++ /* Invalid code point state */
++ if (state == -1) {
++ /*
++ * Continue eating continuation characters until
++ * a new start character comes along.
++ */
++ if ((e & 0xc0) == 0x80)
++ continue;
++ state = 0;
++ }
++
++ /* New code point state */
++ if (state == 0) {
++ if ((e & 0x80) == 0) { /* 7 bit code */
++ c = e & 0x7f;
++ goto have_code;
++ } else if ((e & 0xe0) == 0xc0) { /* 11 bit code point */
++ state = 1;
++ c = (e & 0x1f) << 6;
++ } else if ((e & 0xf0) == 0xe0) { /* 16 bit code point */
++ state = 2;
++ c = (e & 0xf) << 12;
++ } else if ((e & 0xf8) == 0xf0) { /* 21 bit code point */
++ state = 3;
++ c = (e & 0x7) << 18;
++ } else {
++ /* A five or six byte header, or 0xff */
++ goto bad_encoding;
++ }
++ /*
++ * Check that the header byte has some non-zero data
++ * after masking off the length marker. If not it is
++ * an invalid encoding.
++ */
++ if (c == 0) {
++ bad_encoding:
++ c = 0;
++ state = -1;
++ if (had_error != NULL)
++ *had_error = 1;
++ }
++ continue;
++ }
++
++ /* Sanity check: should never happen */
++ if (state < 1 || state > 5) {
++ *nextc = NULL;
++ if (had_error != NULL)
++ *had_error = 1;
++ return 0;
++ }
++ /* Multibyte code point state */
++ state--;
++ c |= (e & 0x3f) << (state * 6);
++ if (state > 0)
++ continue;
++
++ /* RFC3629 bans codepoints > U+10FFFF */
++ if (c > 0x10FFFF) {
++ if (had_error != NULL)
++ *had_error = 1;
++ continue;
++ }
++ have_code:
++ *nextc = in + i + 1;
++ return c;
++ }
++ if (state != 0 && had_error != NULL)
++ *had_error = 1;
++ *nextc = in + i;
++ return 0;
++}
++
++/*
++ * Attempt to encode a UCS character as a UTF-8 sequence. Returns the number
++ * of characters used or -1 on error (insufficient space or bad code).
++ */
++static int
++encode_utf8(u_int32_t c, char *s, size_t slen)
++{
++ size_t i, need;
++ u_char h;
++
++ if (c < 0x80) {
++ if (slen >= 1) {
++ s[0] = (char)c;
++ }
++ return 1;
++ } else if (c < 0x800) {
++ need = 2;
++ h = 0xc0;
++ } else if (c < 0x10000) {
++ need = 3;
++ h = 0xe0;
++ } else if (c < 0x200000) {
++ need = 4;
++ h = 0xf0;
++ } else {
++ /* Invalid code point > U+10FFFF */
++ return -1;
++ }
++ if (need > slen)
++ return -1;
++ for (i = 0; i < need; i++) {
++ s[i] = (i == 0 ? h : 0x80);
++ s[i] |= (c >> (need - i - 1) * 6) & 0x3f;
++ }
++ return need;
++}
++
++
++/*
++ * Normalise a UTF-8 string using the RFC3454 stringprep algorithm.
++ * Returns 0 on success or -1 on failure (prohibited code or insufficient
++ * length in the output string.
++ * Requires an output buffer at most the same length as the input.
++ */
++int
++utf8_stringprep(const char *in, char *out, size_t olen)
++{
++ int r;
++ size_t o;
++ u_int32_t c;
++
++ if (olen < 1)
++ return -1;
++
++ for (o = 0; (c = decode_utf8(in, &in, NULL)) != 0;) {
++ /* Mapping */
++ if (code_in_table(c, map_to_nothing, sizeof(map_to_nothing)))
++ continue;
++
++ /* Prohibitied output */
++ if (code_in_table(c, prohibited, sizeof(prohibited)) &&
++ !code_in_table(c, whitelist, sizeof(whitelist)))
++ return -1;
++
++ /* Map unassigned code points to U+FFFD */
++ if (code_in_table(c, unassigned, sizeof(unassigned)))
++ c = 0xFFFD;
++
++ /* Encode the character */
++ r = encode_utf8(c, out + o, olen - o - 1);
++ if (r < 0)
++ return -1;
++ o += r;
++ }
++ out[o] = '\0';
++ return 0;
++}
++
More information about the scm-commits
mailing list