Trusted HP-UX 10.26

Darren Cole dcole at keysoftsys.com
Tue Mar 26 09:03:16 EST 2002


Here is the patch to make OpenSSH 3.1p1 configure and build for Trusted HP-UX
10.26.
What this patch does:
    First, it adds support to configure correctly on Trusted HP-UX 10.26.
    In turn, this enables sshd to run successfully (otherwise it won't work at
all).  Once logged in, the user will have the right clearance and privilege
sets.

Note:  This patch does not do privilege bracketing, nor does it make sshd
multilevel aware (if you don't know what this means, don't worry about it).

Some asked for separate patches when they are large, but to keep them
together if they are all for one fix.  At only 184 lines, I figured
keeping the patch together was better than 4 or 5 different patches.

___patch follows___
diff -cr openssh-3.1p1.orig/acconfig.h openssh-3.1p1/acconfig.h
*** openssh-3.1p1.orig/acconfig.h Tue Feb 26 16:40:49 2002
--- openssh-3.1p1/acconfig.h Thu Mar 21 23:19:56 2002
***************
*** 222,227 ****
--- 222,229 ----

  /* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX -
<sigh/>) */
  #undef NEED_IN_SYSTM_H
+ /* Defined if on a Trusted HPUX system */
+ #undef TRUSTED_HPUX

  /* Define if you have an old version of PAM which takes only one argument
*/
  /* to pam_strerror */
diff -cr openssh-3.1p1.orig/auth2.c openssh-3.1p1/auth2.c
*** openssh-3.1p1.orig/auth2.c Tue Feb 26 18:09:43 2002
--- openssh-3.1p1/auth2.c Fri Mar 22 22:39:22 2002
***************
*** 23,28 ****
--- 23,32 ----
   */

  #include "includes.h"
+ #ifdef TRUSTED_HPUX
+ #include <sys/security.h>
+ #include <prot.h>
+ #endif
  RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");

  #include <openssl/evp.h>
***************
*** 183,190 ****
--- 187,209 ----

   if (authctxt->attempt++ == 0) {
    /* setup auth context */
+ #ifdef TRUSTED_HPUX
+   struct pr_passwd *pr_pw = NULL;
+ #endif
    struct passwd *pw = NULL;
    pw = getpwnam(user);
+
+ #ifdef TRUSTED_HPUX
+   file://Trusted HP-UX passwords are stored differently
+   file://you need to call getprpwnam to get the password for
+   file://a user.
+   pr_pw = getprpwnam(pw->pw_name);
+   file://This dies with a bus error, but isn't
+   file://this a pointer that should be freed
+   file://before we reassign?
+   file://free(pw->pw_passwd);
+   pw->pw_passwd=pr_pw->ufld.fd_encrypt;
+ #endif
    if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
     authctxt->pw = pwcopy(pw);
     authctxt->valid = 1;
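Review bot: `getprpwnam(pw->pw_name)` dereferences `pw` before the `if (pw && ...)` test that follows, so in a TRUSTED_HPUX build a login attempt for a name that `getpwnam()` does not know would fault the process before authentication; the result `pr_pw` is also dereferenced without a NULL check. Both lookups should be guarded, and a user with no protected password entry is better treated as invalid than left with whatever `pw_passwd` already held. On the question in the added comment: `pw->pw_passwd` points into storage owned by `getpwnam()`, not memory allocated here, so it must not be freed, which is the likely cause of the bus error; the assignment only holds up because `pwcopy(pw)` runs before any further lookup, presumably duplicating the string. The enclosing function starts and ends outside the hunk.

```c
	pw = getpwnam(user);

#ifdef TRUSTED_HPUX
	/*
	 * Trusted HP-UX keeps the encrypted password in the protected
	 * password database.  pw may be NULL for an unknown user, and
	 * pw_passwd is library-owned storage: repoint it, never free it.
	 */
	if (pw != NULL) {
		pr_pw = getprpwnam(pw->pw_name);
		if (pr_pw != NULL)
			pw->pw_passwd = pr_pw->ufld.fd_encrypt;
		else
			pw = NULL;	/* no protected entry: handle as invalid user */
	}
#endif
	/* … unchanged: if (pw && allowed_user(pw) && ...) block … */
```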
Common subdirectories: openssh-3.1p1.orig/autom4te.cache and
openssh-3.1p1/autom4te.cache
diff -cr openssh-3.1p1.orig/configure.ac openssh-3.1p1/configure.ac
*** openssh-3.1p1.orig/configure.ac Wed Feb 27 06:12:35 2002
--- openssh-3.1p1/configure.ac Fri Mar 22 00:08:59 2002
***************
*** 80,85 ****
--- 80,100 ----
  *-*-darwin*)
   AC_DEFINE(BROKEN_GETADDRINFO)
   ;;
+ *-*-hpux10.26)
+  if test -z "$GCC"; then
+   CFLAGS="$CFLAGS -Ae"
+  fi
+

CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=
1"
+  IPADDR_IN_DISPLAY=yes
+  AC_DEFINE(USE_PIPES)
+  AC_DEFINE(TRUSTED_HPUX)
+  AC_DEFINE(LOGIN_NEEDS_UTMPX)
+  AC_DEFINE(DISABLE_SHADOW)
+  AC_DEFINE(DISABLE_UTMP)
+  AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+  LIBS="$LIBS -lxnet -lsec -lsecpw"
+  disable_ptmx_check=yes
+  ;;
  *-*-hpux10*)
   if test -z "$GCC"; then
    CFLAGS="$CFLAGS -Ae"
***************
*** 1769,1780 ****
  fi

  if test -z "$no_dev_ptmx" ; then
!  AC_CHECK_FILE("/dev/ptmx",
!   [
!    AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
!    have_dev_ptmx=1
!   ]
!  )
  fi
  AC_CHECK_FILE("/dev/ptc",
   [
--- 1784,1797 ----
  fi

  if test -z "$no_dev_ptmx" ; then
!  if test "x$disable_ptmx_check" != "xyes" ; then
!   AC_CHECK_FILE("/dev/ptmx",
!    [
!     AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
!     have_dev_ptmx=1
!    ]
!   )
!  fi
  fi
  AC_CHECK_FILE("/dev/ptc",
   [
Common subdirectories: openssh-3.1p1.orig/contrib and openssh-3.1p1/contrib
Common subdirectories: openssh-3.1p1.orig/openbsd-compat and
openssh-3.1p1/openbsd-compat
Common subdirectories: openssh-3.1p1.orig/scard and openssh-3.1p1/scard
diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
*** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
--- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
***************
*** 1285,1291 ****
--- 1285,1297 ----
  #ifdef LOGIN_NEEDS_TERM
        (s->term ? s->term : "unknown"),
  #endif /* LOGIN_NEEDS_TERM */
+ #ifdef TRUSTED_HPUX
+    // the "--" makes login hang on Trusted HP-UX
+    // 10.26
+       "-p", "-f", pw->pw_name, (char *)NULL);
+ #else
        "-p", "-f", "--", pw->pw_name, (char *)NULL);
+ #endif

    /* Login couldn't be executed, die. */
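Review bot: Dropping `"--"` in the TRUSTED_HPUX branch removes the end-of-options marker, so a `pw->pw_name` that begins with `-` would be read by login as an option rather than as the account name. Since the marker cannot be used on this platform, the name should be checked before the call, for example `if (pw->pw_name[0] == '-') fatal("invalid user name");`, and the comment should say that this check stands in for the marker. The two `//` comments also sit inside the argument list and differ from the `/* */` style used on the surrounding lines. The call being modified starts outside the hunk, so the check would have to go above its first line.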

***************
*** 1736,1741 ****
--- 1742,1757 ----
    */
   if (c->ostate != CHAN_OUTPUT_CLOSED)
    chan_write_failed(c);
+ #ifdef TRUSTED_HPUX
+  file://Took two lines from a patch at:
+  // <http://www.math.ualberta.ca/imaging/snfs/>
+  file://by John C. Bowman
+  file://There is some speculation that you could possibly
+  file://see data loss from this on usenet.  But without
+  file://this sshd does not exit on logout.
+  if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
+   chan_read_failed(c);
+ #endif
   s->chanid = -1;
  }
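Review bot: The added `chan_read_failed(c)` is justified only by a comment that itself reports possible data loss, and nothing explains why `s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN` is the right condition. If the input side is shut down while output from the pty is still unread, the tail of a session's output may be dropped, which matters to anyone relying on complete session transcripts; this is inferred from the comment, not shown in the hunk. I would replace the comment with one block comment in the file's `/* */` style stating the symptom (sshd does not exit on logout on Trusted HP-UX 10.26), where the two lines came from, and the known risk. The enclosing function starts outside the hunk.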

diff -cr openssh-3.1p1.orig/sshd.c openssh-3.1p1/sshd.c
*** openssh-3.1p1.orig/sshd.c Tue Mar  5 01:31:30 2002
--- openssh-3.1p1/sshd.c Fri Mar 22 22:32:56 2002
***************
*** 45,50 ****
--- 45,54 ----
  #include <openssl/dh.h>
  #include <openssl/bn.h>
  #include <openssl/md5.h>
+ file://Trusted HP-UX
+ #include <sys/security.h>
+ #include <prot.h>
+ file://end Trusted HP-UX

  #include "ssh.h"
  #include "ssh1.h"
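Review bot: `<sys/security.h>` and `<prot.h>` are included unconditionally here, whereas auth2.c wraps the same two includes in `#ifdef TRUSTED_HPUX`; as posted, sshd.c would fail to compile on any platform that lacks these headers. Replace the two marker comment lines around the includes with `#ifdef TRUSTED_HPUX` and `#endif`, which also matches the guarded `set_auth_parameters(ac, av)` call added later in this file.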
***************
*** 596,601 ****
--- 600,610 ----
   int startups = 0;
   Key *key;
   int ret, key_used = 0;
+ #ifdef TRUSTED_HPUX
+  file://This call is needed for getprpwnam in auth2.c
+  file://to initialize the security system for Trusted HP-UX
+  set_auth_parameters(ac, av);
+ #endif

   __progname = get_progname(av[0]);
   init_rng();




