PLEASE TEST snapshots
Tim Rice
tim at multitalents.net
Sun Apr 14 06:08:28 EST 2002
On Sat, 13 Apr 2002, Kevin Steves wrote:
> On Sat, 13 Apr 2002, Tim Rice wrote:
> :> Tested building from cvs today on hp-ux 10.26. Once I applied my patch
> :> (<http://bugzilla.mindrot.org/showattachment.cgi?attach_id=67> to bug
> :> <http://bugzilla.mindrot.org/show_bug.cgi?id=184>), everything built and ran
> :> fine. Is there anyway I can get this patch commited for 3.2? If there is
> :> anything I can do to help get the patch accepted please let me know.
> :
> :A couple of questions about your patch.
> :
> :--- configure.ac.orig Fri Apr 12 20:57:56 2002
> :+++ configure.ac Sat Apr 13 10:01:51 2002
> :@@ -79,6 +79,23 @@
> :
> :+*-*-hpux10.26)
> :[snip]
> :+ AC_DEFINE(HAVE_SECUREWARE_PW)
>
> i'd prefer SecureWare here.
>
> :+ AC_DEFINE(BROKEN_LOGIN)
>
> i know i suggested this, but i think we need a better name for login that
> can't handle "--".
I'm sure whatever names you come up with will be fine.
>
> :+ AC_DEFINE(TRUSTED_HPUX)
>
> was this in the new patch?
Yes, i grabbed attachment 67 from bugzilla
>
> :Are all 10.26 machines trusted HP/UX?
>
> they are the HP-UX CMW variant. this patch also requires "uselogin=yes".
> there is also something called VVOS which might be something like 10.24 or
> 11.04 which is a hybrid multi-level/CMW thing.
Just wanted to make sure we don't have a 10.26 machines out there that
will choke on those AC_DEFINES
>
> :--- sshd.c.orig Tue Apr 9 20:19:04 2002
> :+++ sshd.c Sat Apr 13 10:01:52 2002
> :@@ -47,7 +47,10 @@
> : #include <openssl/dh.h>
> : #include <openssl/bn.h>
> : #include <openssl/md5.h>
> :-#include <openssl/rand.h>
> :^^ was this intentional?
> :+#ifdef HAVE_SECUREWARE_PW
> :+#include <sys/security.h>
> :+#include <prot.h>
> :+#endif
>
> there are some other issues. i'll try to check it out soon.
The patch seems to work fine on the SCO side.
I've attached a (slightly modified) diff -u version of attachment 67
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
-------------- next part --------------
--- acconfig.h.orig Thu Apr 11 20:35:40 2002
+++ acconfig.h Sat Apr 13 10:01:51 2002
@@ -16,7 +16,7 @@
#undef BROKEN_SYS_TERMIO_H
/* Define if you have SCO protected password database */
-#undef HAVE_SCO_PROTECTED_PW
+#undef HAVE_SECUREWARE_PW
/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
/* from environment and PATH */
@@ -165,6 +165,9 @@
/* Some versions of /bin/login need the TERM supplied on the commandline */
#undef LOGIN_NEEDS_TERM
+/* Define if your login program hangs when launch with a "--" (HPUX 10.26) */
+#undef BROKEN_LOGIN
+
/* Define if you want to specify the path to your lastlog file */
#undef CONF_LASTLOG_FILE
@@ -236,6 +239,8 @@
/* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX - <sigh/>) */
#undef NEED_IN_SYSTM_H
+/* Defined if on a Trusted HPUX system */
+#undef TRUSTED_HPUX
/* Define if you have an old version of PAM which takes only one argument */
/* to pam_strerror */
--- auth-passwd.c.orig Tue Apr 9 20:18:59 2002
+++ auth-passwd.c Sat Apr 13 11:56:16 2002
@@ -55,11 +55,11 @@
# include <hpsecurity.h>
# include <prot.h>
# endif
-# ifdef HAVE_SCO_PROTECTED_PW
+# ifdef HAVE_SECUREWARE_PW
# include <sys/security.h>
# include <sys/audit.h>
# include <prot.h>
-# endif /* HAVE_SCO_PROTECTED_PW */
+# endif /* HAVE_SECUREWARE_PW */
# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
# include <shadow.h>
# endif
@@ -102,12 +102,9 @@
char *encrypted_password;
char *pw_password;
char *salt;
-#ifdef __hpux
+#if defined(__hpux) || defined(HAVE_SECUREWARE_PW)
struct pr_passwd *spw;
-#endif
-#ifdef HAVE_SCO_PROTECTED_PW
- struct pr_passwd *spw;
-#endif /* HAVE_SCO_PROTECTED_PW */
+#endif /* __hpux || HAVE_SECUREWARE_PW */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
#endif
@@ -183,18 +180,18 @@
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
-#ifdef HAVE_SCO_PROTECTED_PW
+#ifdef HAVE_SECUREWARE_PW
spw = getprpwnam(pw->pw_name);
if (spw != NULL)
pw_password = spw->ufld.fd_encrypt;
-#endif /* HAVE_SCO_PROTECTED_PW */
+#endif /* HAVE_SECUREWARE_PW */
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
pw_password = spw->pwa_passwd;
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
-#if defined(__hpux)
+#if defined(__hpux) && !defined(HAVE_SECUREWARE_PW)
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
#endif /* defined(__hpux) */
@@ -214,17 +211,17 @@
else
encrypted_password = crypt(password, salt);
#else /* HAVE_MD5_PASSWORDS */
-# ifdef __hpux
+# if defined(__hpux) && !defined(HAVE_SECUREWARE_PW)
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
else
encrypted_password = crypt(password, salt);
# else
-# ifdef HAVE_SCO_PROTECTED_PW
+# ifdef HAVE_SECUREWARE_PW
encrypted_password = bigcrypt(password, salt);
# else
encrypted_password = crypt(password, salt);
-# endif /* HAVE_SCO_PROTECTED_PW */
+# endif /* HAVE_SECUREWARE_PW */
# endif /* __hpux */
#endif /* HAVE_MD5_PASSWORDS */
--- configure.ac.orig Fri Apr 12 20:57:56 2002
+++ configure.ac Sat Apr 13 10:01:51 2002
@@ -79,6 +79,23 @@
*-*-darwin*)
AC_DEFINE(BROKEN_GETADDRINFO)
;;
+*-*-hpux10.26)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(HAVE_SECUREWARE_PW)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(BROKEN_LOGIN)
+ AC_DEFINE(TRUSTED_HPUX)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ LIBS="$LIBS -lxnet -lsec -lsecpw"
+ disable_ptmx_check=yes
+ ;;
*-*-hpux10*)
if test -z "$GCC"; then
CFLAGS="$CFLAGS -Ae"
@@ -217,7 +234,7 @@
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(HAVE_SECUREWARE_PW)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
AC_CHECK_FUNCS(getluid setluid)
@@ -231,7 +248,7 @@
no_dev_ptmx=1
rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(HAVE_SECUREWARE_PW)
AC_DEFINE(DISABLE_SHADOW)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
@@ -1876,12 +1893,14 @@
fi
if test -z "$no_dev_ptmx" ; then
- AC_CHECK_FILE("/dev/ptmx",
- [
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
- have_dev_ptmx=1
- ]
- )
+ if test "x$disable_ptmx_check" != "xyes" ; then
+ AC_CHECK_FILE("/dev/ptmx",
+ [
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
+ have_dev_ptmx=1
+ ]
+ )
+ fi
fi
AC_CHECK_FILE("/dev/ptc",
[
--- session.c.orig Tue Apr 9 20:19:04 2002
+++ session.c Sat Apr 13 10:01:51 2002
@@ -1117,7 +1117,12 @@
#ifdef xxxLOGIN_NEEDS_TERM
(s->term ? s->term : "unknown"),
#endif /* LOGIN_NEEDS_TERM */
+#ifdef BROKEN_LOGIN
+ /* The "--" makes login hang on Trusted HP-UX 10.26 */
+ "-p", "-f", pw->pw_name, (char *)NULL);
+#else
"-p", "-f", "--", pw->pw_name, (char *)NULL);
+#endif
/* Login couldn't be executed, die. */
@@ -1727,6 +1732,18 @@
*/
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
+#ifdef TRUSTED_HPUX
+ /*
+ * Took two lines from a patch at:
+ * <http://www.math.ualberta.ca/imaging/snfs/>
+ * by John C. Bowman
+ * There is some speculation that you could possibly
+ * see data loss from this on usenet. But without
+ * this sshd does not exit on logout.
+ */
+ if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
+ chan_read_failed(c);
+#endif
s->chanid = -1;
}
--- sshd.c.orig Tue Apr 9 20:19:04 2002
+++ sshd.c Sat Apr 13 10:01:52 2002
@@ -47,7 +47,10 @@
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/md5.h>
-#include <openssl/rand.h>
+#ifdef HAVE_SECUREWARE_PW
+#include <sys/security.h>
+#include <prot.h>
+#endif
#include "ssh.h"
#include "ssh1.h"
@@ -785,6 +788,10 @@
Key *key;
int ret, key_used = 0;
+#ifdef HAVE_SECUREWARE_PW
+ (void) set_auth_parameters(ac, av);
+#endif
+
__progname = get_progname(av[0]);
init_rng();
@@ -996,10 +1003,6 @@
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
-
-#ifdef HAVE_SCO_PROTECTED_PW
- (void) set_auth_parameters(ac, av);
-#endif
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
More information about the openssh-unix-dev
mailing list