From 19d392b8d7df924cd752b4f977878d6a7eebd83e Mon Sep 17 00:00:00 2001 From: Cyril Brulebois Date: Fri, 12 Nov 2010 19:26:44 +0100 Subject: [PATCH] Add 03_iceauth_manpage_commands.patch. Documents iceauth commands more fully. Also fixes fd.o bug # 2354. Closes: #509837 Rescue patch by David Nusinow in a forgotten debian-experimental branch, even though it needs to be refreshed. --- debian/changelog | 8 + .../patches/03_iceauth_manpage_commands.patch | 112 ++++++++++++ debian/patches/series | 1 + sessreg/sessreg.c | 164 ++++++++++++++++-- 4 files changed, 273 insertions(+), 12 deletions(-) create mode 100644 debian/patches/03_iceauth_manpage_commands.patch diff --git a/debian/changelog b/debian/changelog index de196bb..cb5393b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +x11-xserver-utils (7.6~2) UNRELEASED; urgency=low + + [ David Nusinow ] + * Add 03_iceauth_manpage_commands.patch. Documents iceauth commands more + fully. Also fixes fd.o bug # 2354. Closes: #509837 + + -- Cyril Brulebois Fri, 12 Nov 2010 19:28:04 +0100 + x11-xserver-utils (7.6~1) experimental; urgency=low * New upstream release candidate: X11R7.6 RC1. diff --git a/debian/patches/03_iceauth_manpage_commands.patch b/debian/patches/03_iceauth_manpage_commands.patch new file mode 100644 index 0000000..2d692d4 --- /dev/null +++ b/debian/patches/03_iceauth_manpage_commands.patch @@ -0,0 +1,112 @@ +From 3deeff7e94fc6400b8e5d4cfb32a5e95b22318bc Mon Sep 17 00:00:00 2001 +From: David Nusinow +Date: Tue, 3 Feb 2009 21:35:30 -0500 +Subject: [PATCH] Make iceauth manpage describe commands. (fd.o bug#2354) + +--- + iceauth.man | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 files changed, 85 insertions(+), 1 deletions(-) + +diff --git a/iceauth/iceauth.man b/iceauth/iceauth.man +index 6a8d32f..c967eb4 100644 +--- a/iceauth/iceauth.man ++++ b/iceauth/iceauth.man +@@ -1,4 +1,4 @@ +-.\" $Xorg: iceauth.man,v 1.4 2001/02/09 02:05:31 xorgcvs Exp $ ++m.\" $Xorg: iceauth.man,v 1.4 2001/02/09 02:05:31 xorgcvs Exp $ + .\" Copyright 1994, 1998 The Open Group + .\" + .\" Permission to use, copy, modify, distribute, and sell this software and its +@@ -39,5 +39,89 @@ used to extract authorization records from one machine and merge them in on + another (as is the case when using remote logins or granting access to + other users). Commands (described below) may be entered interactively, + on the \fIiceauth\fP command line, or in scripts. ++.SH OPTIONS ++.PP ++\fB\-f\fP \fIauthfile\fP Name of the authority file to use. Will default to ++ the file currently in use by the session. ++.PP ++\fB\-v\fP Turns on extra messages (verbose mode) ++.PP ++\fB\-q\fP Turns off extra messages (quiet mode) ++.PP ++\fB\-i\fP Ignore the locks on the authority file ++.PP ++\fB\-b\fP Break the locks on the authority file ++.PP ++\fB\-u\fP Print basic usage instructions ++.PP ++.SH USAGE ++.PP ++When \fIiceauth\fP is run it will allow the following set of commands ++to be entered interactively or in scripts. ++.PP ++\fB?\fP ++.PP ++List available commands. ++.PP ++\fBhelp\fP ++.PP ++Print help information. You may supply a command name to \fIhelp\fP to ++get specific information about it. ++.PP ++\fBinfo\fP ++.PP ++Print information about the entries in the authority file. ++.PP ++\fBlist\fP ++.PP ++List (print) entries in the authority file. You may specify optional ++modifiers as below to specify which entries are listed. ++.PP ++\fIlist\fP [ \fIprotocol_name\fP ] [ \fIprotocol_data\fP ] [ ++\fInetid\fP ] [ \fIauthname\fP ] ++.PP ++\fBadd\fP ++.PP ++Add an entry to the authority file. This must be in the format ++.PP ++\fIadd\fP \fIprotocol_name\fP \fIprotocol_data\fP \fInetid\fP \fIauthname\fP \fIauthdata\fP ++.PP ++\fBremove\fP ++.PP ++Remove entries from the authority file. ++.PP ++\fIremove\fP [ \fIprotocol_name\fP ] [ \fIprotocol_data\fP ] [ ++\fInetid\fP ] [ \fIauthname\fP ] ++.PP ++\fBextract\fP ++.PP ++Extract entries from the authority file in to a destination file. You ++must supply the path to the destination to this command as in the ++following format. Optional specifiers allow you to narrow which ++entries are extracted. ++.PP ++\fIextract\fP \fIfilename\fP [ \fIprotocol_name\fP ] [ \fIprotocol_data\fP ] ++[ \fInetid\fP ] [ \fIauthname\fP ] ++.PP ++\fBmerge\fP ++.PP ++Merge entries from other files in to the authority file selected by the program. You may supply any number of file paths to this command as follows: ++.PP ++\fImerge\fP \fIfilename1\fP [ \fIfilename2\fP ] [ \fIfilename3\fP ] ... ++.PP ++\fBexit\fP ++.PP ++Save changes and exit the program. ++.PP ++\fBquit\fP ++.PP ++Abort changes and exit the program without saving. ++.PP ++\fBsource\fP ++.PP ++Read and execute commands from a file. ++.PP ++\fIsource\fP \fIfilename\fP ++.PP + .SH AUTHOR + Ralph Mor, X Consortium +-- +1.5.6.5 + diff --git a/debian/patches/series b/debian/patches/series index 2044539..578bcfb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ 01_sessreg_implement_hostname_hashing.diff +03_iceauth_manpage_commands.patch diff --git a/sessreg/sessreg.c b/sessreg/sessreg.c index 3dc2992..cfe7e86 100644 --- a/sessreg/sessreg.c +++ b/sessreg/sessreg.c @@ -93,6 +93,18 @@ static void set_utmpx (struct utmpx *u, const char *line, const char *user, const char *host, Time_t date, int addp); #endif +#ifdef SYSV +/* used for hashing ut_id */ +typedef unsigned long int ub4; /* unsigned 4-byte quantities */ +typedef unsigned char ub1; /* unsigned 1-byte quantities */ + +#define hashsize(n) ((ub4)1<<(n)) +#define hashmask(n) (hashsize(n)-1) + +ub4 hash(register ub1 *k, register ub4 length, register ub4 initval); + +#endif + static int wflag, uflag, lflag; static char *wtmp_file, *utmp_file, *line; #ifdef USE_UTMPX @@ -404,21 +416,23 @@ set_utmp (struct utmp *u, char *line, char *user, char *host, Time_t date, int a bzero (u->ut_name, sizeof (u->ut_name)); #ifdef SYSV if (line) { - int i; /* - * this is a bit crufty, but - * follows the apparent conventions in - * the ttys file. ut_id is only 4 bytes - * long, and the last 4 bytes of the line - * name are written into it, left justified. + * The ut_id is 4 bytes long. We make a hash of the line + * received, preceding it by ":" to prevent clashing with + * other ut_ids. */ - i = strlen (line); - if (i >= sizeof (u->ut_id)) - i -= sizeof (u->ut_id); - else - i = 0; - (void) strncpy (u->ut_id, line + i, sizeof (u->ut_id)); + ub4 h; + u->ut_id[0]=':'; + h = hash(line, strlen(line),0x9e3779b9); + h = (h & hashmask((sizeof(u->ut_id)-sizeof(char))*8)); + (void) strncpy (u->ut_id + 1,(char *) &h, sizeof (u->ut_id)-sizeof(char)); } else + /* + * From utmp(5): + * Clearing ut_id may result in race conditions leading to corrupted + * utmp entries and and potential security holes. + */ + /* TODO: CHECK this */ bzero (u->ut_id, sizeof (u->ut_id)); if (addp) { u->ut_pid = getppid (); @@ -662,3 +676,129 @@ findslot (char *line_name, char *host_name, int addp, int slot) return freeslot; } #endif + +#ifdef SYSV +/* +-------------------------------------------------------------------- +mix -- mix 3 32-bit values reversibly. +For every delta with one or two bits set, and the deltas of all three + high bits or all three low bits, whether the original value of a,b,c + is almost all zero or is uniformly distributed, +* If mix() is run forward or backward, at least 32 bits in a,b,c + have at least 1/4 probability of changing. +* If mix() is run forward, every bit of c will change between 1/3 and + 2/3 of the time. (Well, 22/100 and 78/100 for some 2-bit deltas.) +mix() was built out of 36 single-cycle latency instructions in a + structure that could supported 2x parallelism, like so: + a -= b; + a -= c; x = (c>>13); + b -= c; a ^= x; + b -= a; x = (a<<8); + c -= a; b ^= x; + c -= b; x = (b>>13); + ... + Unfortunately, superscalar Pentiums and Sparcs can't take advantage + of that parallelism. They've also turned some of those single-cycle + latency instructions into multi-cycle latency instructions. Still, + this is the fastest good hash I could find. There were about 2^^68 + to choose from. I only looked at a billion or so. +-------------------------------------------------------------------- +*/ +#define mix(a,b,c) \ +{ \ + a -= b; a -= c; a ^= (c>>13); \ + b -= c; b -= a; b ^= (a<<8); \ + c -= a; c -= b; c ^= (b>>13); \ + a -= b; a -= c; a ^= (c>>12); \ + b -= c; b -= a; b ^= (a<<16); \ + c -= a; c -= b; c ^= (b>>5); \ + a -= b; a -= c; a ^= (c>>3); \ + b -= c; b -= a; b ^= (a<<10); \ + c -= a; c -= b; c ^= (b>>15); \ +} + +/* +-------------------------------------------------------------------- +hash() -- hash a variable-length key into a 32-bit value + k : the key (the unaligned variable-length array of bytes) + len : the length of the key, counting by bytes + initval : can be any 4-byte value +Returns a 32-bit value. Every bit of the key affects every bit of +the return value. Every 1-bit and 2-bit delta achieves avalanche. +About 6*len+35 instructions. + +The best hash table sizes are powers of 2. There is no need to do +mod a prime (mod is sooo slow!). If you need less than 32 bits, +use a bitmask. For example, if you need only 10 bits, do + h = (h & hashmask(10)); +In which case, the hash table should have hashsize(10) elements. + +If you are hashing n strings (ub1 **)k, do it like this: + for (i=0, h=0; i + Date: Thu, 27 May 2004 22:33:06 -0700 + To: Margarita Manterola + Subject: Re: Hash function + + The algorithm is public domain. I ask that I be referenced as the + source of the algorithm, but I can't enforce that, since being public + domain means I've reserved no rights at all. + +-- Branden Robinson, 2004-06-06] + +See http://burtleburtle.net/bob/hash/evahash.html +Use for hash table lookup, or anything where one collision in 2^^32 is +acceptable. Do NOT use for cryptographic purposes. +-------------------------------------------------------------------- +*/ + +ub4 +hash(register ub1 *k, register ub4 length, register ub4 initval) +{ + register ub4 a,b,c,len; + + /* Set up the internal state */ + len = length; + a = b = 0x9e3779b9; /* the golden ratio; an arbitrary value */ + c = initval; /* the previous hash value */ + + /*---------------------------------------- handle most of the key */ + while (len >= 12) + { + a += (k[0] +((ub4)k[1]<<8) +((ub4)k[2]<<16) +((ub4)k[3]<<24)); + b += (k[4] +((ub4)k[5]<<8) +((ub4)k[6]<<16) +((ub4)k[7]<<24)); + c += (k[8] +((ub4)k[9]<<8) +((ub4)k[10]<<16)+((ub4)k[11]<<24)); + mix(a,b,c); + k += 12; len -= 12; + } + + /*------------------------------------- handle the last 11 bytes */ + c += length; + switch(len) /* all the case statements fall through */ + { + case 11: c+=((ub4)k[10]<<24); + case 10: c+=((ub4)k[9]<<16); + case 9 : c+=((ub4)k[8]<<8); + /* the first byte of c is reserved for the length */ + case 8 : b+=((ub4)k[7]<<24); + case 7 : b+=((ub4)k[6]<<16); + case 6 : b+=((ub4)k[5]<<8); + case 5 : b+=k[4]; + case 4 : a+=((ub4)k[3]<<24); + case 3 : a+=((ub4)k[2]<<16); + case 2 : a+=((ub4)k[1]<<8); + case 1 : a+=k[0]; + /* case 0: nothing left to add */ + } + mix(a,b,c); + /*-------------------------------------------- report the result */ + return c; +} + +#endif