Trusted HP-UX 10.26

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Mar 26 11:29:43 EST 2002


Please avoid C++ comments. They are not accepted by every C compiler.

- Ben

On Mon, 25 Mar 2002, Darren Cole wrote:

> Here the patch to make 3.1p1 openssh configure and build for Trusted HP-UX
> 10.26.
> What this patch does.
>     First it adds support to correctly configure on Trusted HP-UX 10.26
>     In turn this enables sshd to run successfully (otherwise it wont work at
> all).  Once logged in the user will have the right clearance and privilege
> sets.
>
> Note:  This patch does not do privilege bracketing, nor does it make sshd
> multilevel aware (if you don't know what this means, don't worry about it)
>
> Some asked for separate patches when they are large, but to keep them
> together if they are all for one fix.  At only 184 lines, I figured
> keeping the patch together was better than 4 or 5 different patches.
>
> ___patch follows___
> diff -cr openssh-3.1p1.orig/acconfig.h openssh-3.1p1/acconfig.h
> *** openssh-3.1p1.orig/acconfig.h Tue Feb 26 16:40:49 2002
> --- openssh-3.1p1/acconfig.h Thu Mar 21 23:19:56 2002
> ***************
> *** 222,227 ****
> --- 222,229 ----
>
>   /* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX -
> <sigh/>) */
>   #undef NEED_IN_SYSTM_H
> + /* Defined if on a Trusted HPUX system */
> + #undef TRUSTED_HPUX
>
>   /* Define if you have an old version of PAM which takes only one argument
> */
>   /* to pam_strerror */
> diff -cr openssh-3.1p1.orig/auth2.c openssh-3.1p1/auth2.c
> *** openssh-3.1p1.orig/auth2.c Tue Feb 26 18:09:43 2002
> --- openssh-3.1p1/auth2.c Fri Mar 22 22:39:22 2002
> ***************
> *** 23,28 ****
> --- 23,32 ----
>    */
>
>   #include "includes.h"
> + #ifdef TRUSTED_HPUX
> + #include <sys/security.h>
> + #include <prot.h>
> + #endif
>   RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
>
>   #include <openssl/evp.h>
> ***************
> *** 183,190 ****
> --- 187,209 ----
>
>    if (authctxt->attempt++ == 0) {
>     /* setup auth context */
> + #ifdef TRUSTED_HPUX
> +   struct pr_passwd *pr_pw = NULL;
> + #endif
>     struct passwd *pw = NULL;
>     pw = getpwnam(user);
> +
> + #ifdef TRUSTED_HPUX
> +   file://Trusted HP-UX passwords are stored differently
> +   file://you need to call getprpwnam to get the password for
> +   file://a user.
> +   pr_pw = getprpwnam(pw->pw_name);
> +   file://This dies with a bus error, but isn't
> +   file://this a pointer that should be freed
> +   file://before we reassign?
> +   file://free(pw->pw_passwd);
> +   pw->pw_passwd=pr_pw->ufld.fd_encrypt;
> + #endif
>     if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
>      authctxt->pw = pwcopy(pw);
>      authctxt->valid = 1;
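Review bot: In the TRUSTED_HPUX block, `getprpwnam(pw->pw_name)` runs before the existing `if (pw && ...)` test, so a login attempt for a name that getpwnam() does not know dereferences NULL before authentication; `pr_pw` is likewise used without a NULL check. Both lookups should be guarded, and a missing protected-password entry should leave the user invalid rather than crash the process handling the connection. The commented-out `free(pw->pw_passwd)` should simply be dropped: getpwnam() results are normally library-owned storage, which would explain the bus error. The enclosing function starts and ends outside the hunk.

```c
		pw = getpwnam(user);
#ifdef TRUSTED_HPUX
		/* Trusted HP-UX keeps the hash in the protected password database. */
		if (pw != NULL) {
			pr_pw = getprpwnam(pw->pw_name);
			if (pr_pw != NULL)
				pw->pw_passwd = pr_pw->ufld.fd_encrypt;
			else
				pw = NULL;	/* no protected entry: treat as unknown user */
		}
#endif
		/* … unchanged: allowed_user() check and pwcopy() … */
```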
> Common subdirectories: openssh-3.1p1.orig/autom4te.cache and
> openssh-3.1p1/autom4te.cache
> diff -cr openssh-3.1p1.orig/configure.ac openssh-3.1p1/configure.ac
> *** openssh-3.1p1.orig/configure.ac Wed Feb 27 06:12:35 2002
> --- openssh-3.1p1/configure.ac Fri Mar 22 00:08:59 2002
> ***************
> *** 80,85 ****
> --- 80,100 ----
>   *-*-darwin*)
>    AC_DEFINE(BROKEN_GETADDRINFO)
>    ;;
> + *-*-hpux10.26)
> +  if test -z "$GCC"; then
> +   CFLAGS="$CFLAGS -Ae"
> +  fi
> +
>
> CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=
> 1"
> +  IPADDR_IN_DISPLAY=yes
> +  AC_DEFINE(USE_PIPES)
> +  AC_DEFINE(TRUSTED_HPUX)
> +  AC_DEFINE(LOGIN_NEEDS_UTMPX)
> +  AC_DEFINE(DISABLE_SHADOW)
> +  AC_DEFINE(DISABLE_UTMP)
> +  AC_DEFINE(SPT_TYPE,SPT_PSTAT)
> +  LIBS="$LIBS -lxnet -lsec -lsecpw"
> +  disable_ptmx_check=yes
> +  ;;
>   *-*-hpux10*)
>    if test -z "$GCC"; then
>     CFLAGS="$CFLAGS -Ae"
> ***************
> *** 1769,1780 ****
>   fi
>
>   if test -z "$no_dev_ptmx" ; then
> !  AC_CHECK_FILE("/dev/ptmx",
> !   [
> !    AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
> !    have_dev_ptmx=1
> !   ]
> !  )
>   fi
>   AC_CHECK_FILE("/dev/ptc",
>    [
> --- 1784,1797 ----
>   fi
>
>   if test -z "$no_dev_ptmx" ; then
> !  if test "x$disable_ptmx_check" != "xyes" ; then
> !   AC_CHECK_FILE("/dev/ptmx",
> !    [
> !     AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
> !     have_dev_ptmx=1
> !    ]
> !   )
> !  fi
>   fi
>   AC_CHECK_FILE("/dev/ptc",
>    [
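Review bot: The new `disable_ptmx_check` test nests inside the existing `if test -z "$no_dev_ptmx"` guard, which already skips the /dev/ptmx probe. Unless `no_dev_ptmx` carries another meaning outside the visible lines, the hpux10.26 case could set `no_dev_ptmx=1` instead of `disable_ptmx_check=yes`, and this hunk would not be needed.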
> Common subdirectories: openssh-3.1p1.orig/contrib and openssh-3.1p1/contrib
> Common subdirectories: openssh-3.1p1.orig/openbsd-compat and
> openssh-3.1p1/openbsd-compat
> Common subdirectories: openssh-3.1p1.orig/scard and openssh-3.1p1/scard
> diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
> *** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
> --- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
> ***************
> *** 1285,1291 ****
> --- 1285,1297 ----
>   #ifdef LOGIN_NEEDS_TERM
>         (s->term ? s->term : "unknown"),
>   #endif /* LOGIN_NEEDS_TERM */
> + #ifdef TRUSTED_HPUX
> +    // the "--" makes login hang on Trusted HP-UX
> +    // 10.26
> +       "-p", "-f", pw->pw_name, (char *)NULL);
> + #else
>         "-p", "-f", "--", pw->pw_name, (char *)NULL);
> + #endif
>
>     /* Login couldn't be executed, die. */
>
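Review bot: Removing `--` in the TRUSTED_HPUX branch means `pw->pw_name` is no longer separated from login's options, and this is the `-f` (already authenticated) invocation. If an account name can begin with `-`, login would presumably parse it as an option, so the branch should reject such names before the exec, for example `if (pw->pw_name[0] == '-') fatal("invalid user name");` placed ahead of the call. The call these argument lines belong to starts outside the hunk.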
> ***************
> *** 1736,1741 ****
> --- 1742,1757 ----
>     */
>    if (c->ostate != CHAN_OUTPUT_CLOSED)
>     chan_write_failed(c);
> + #ifdef TRUSTED_HPUX
> +  file://Took two lines from a patch at:
> +  // <http://www.math.ualberta.ca/imaging/snfs/>
> +  file://by John C. Bowman
> +  file://There is some speculation that you could possibly
> +  file://see data loss from this on usenet.  But without
> +  file://this sshd does not exit on logout.
> +  if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
> +   chan_read_failed(c);
> + #endif
>    s->chanid = -1;
>   }
>
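Review bot: The added `chan_read_failed(c)` call changes channel teardown for every session with a tty, and the comment above it concedes possible data loss, yet it is keyed on `TRUSTED_HPUX`, which elsewhere in this patch selects the protected password database. If the logout hang is specific to this platform the comment should say why; otherwise this belongs in a separate patch with its own switch so the trade-off can be reviewed on its own. The enclosing function starts outside the hunk.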
> diff -cr openssh-3.1p1.orig/sshd.c openssh-3.1p1/sshd.c
> *** openssh-3.1p1.orig/sshd.c Tue Mar  5 01:31:30 2002
> --- openssh-3.1p1/sshd.c Fri Mar 22 22:32:56 2002
> ***************
> *** 45,50 ****
> --- 45,54 ----
>   #include <openssl/dh.h>
>   #include <openssl/bn.h>
>   #include <openssl/md5.h>
> + file://Trusted HP-UX
> + #include <sys/security.h>
> + #include <prot.h>
> + file://end Trusted HP-UX
>
>   #include "ssh.h"
>   #include "ssh1.h"
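Review bot: The two added includes, `<sys/security.h>` and `<prot.h>`, are unconditional here, while the same pair in auth2.c is wrapped in `#ifdef TRUSTED_HPUX`; on any platform without those headers sshd.c would stop compiling. Wrap them the same way, with `#ifdef TRUSTED_HPUX` before the first include and `#endif` after the second.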
> ***************
> *** 596,601 ****
> --- 600,610 ----
>    int startups = 0;
>    Key *key;
>    int ret, key_used = 0;
> + #ifdef TRUSTED_HPUX
> +  file://This call is needed for getprpwnam in auth2.c
> +  file://to initialize the security system for Trusted HP-UX
> +  set_auth_parameters(ac, av);
> + #endif
>
>    __progname = get_progname(av[0]);
>    init_rng();
>
>
>



