Trusted HP-UX 10.26

Kevin Steves kevin at atomicgears.com
Tue Mar 26 13:04:15 EST 2002


On Mon, 25 Mar 2002, Darren Cole wrote:
:Note:  This patch does not do privilege bracketing, nor does it make sshd
:multilevel aware (if you don't know what this means, don't worry about it)

ah, ok.  you can also upgrade to 10.20--why are you using 10.26 then?

:Some asked for separate patches when they are large, but to keep them
:together if they are all for one fix.  At only 184 lines, I figured
:keeping the patch together was better than 4 or 5 different patches.
:
:___patch follows___
:***************
:*** 183,190 ****
:--- 187,209 ----
:
:   if (authctxt->attempt++ == 0) {
:    /* setup auth context */
:+ #ifdef TRUSTED_HPUX
:+   struct pr_passwd *pr_pw = NULL;
:+ #endif
:    struct passwd *pw = NULL;
:    pw = getpwnam(user);
:+
:+ #ifdef TRUSTED_HPUX
:+   file://Trusted HP-UX passwords are stored differently
:+   file://you need to call getprpwnam to get the password for
:+   file://a user.
:+   pr_pw = getprpwnam(pw->pw_name);
:+   file://This dies with a bus error, but isn't
:+   file://this a pointer that should be freed
:+   file://before we reassign?
:+   file://free(pw->pw_passwd);
:+   pw->pw_passwd=pr_pw->ufld.fd_encrypt;
:+ #endif
:    if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
:     authctxt->pw = pwcopy(pw);
:     authctxt->valid = 1;
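
Review bot: pw is dereferenced in getprpwnam(pw->pw_name) before the existing "if (pw && allowed_user(pw) ..." test, so a user name that getpwnam() does not find turns this into a NULL dereference, and pr_pw is then used in pr_pw->ufld.fd_encrypt without a check either. Move the TRUSTED_HPUX block under a pw != NULL test and skip the assignment when getprpwnam() returns NULL. The commented-out free(pw->pw_passwd) should be dropped rather than kept as a question: getpwnam() returns storage the caller does not own, which is consistent with the bus error the comment reports. The file:// prefixes on the comment lines also have to become /* */ comments before this compiles.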

i don't understand this.  why do you need the hashed password here?
openssh works today with hp-ux commercial security--why is CMW different?
see auth-passwd.c. also, why did you change only auth2.c and not auth1.c?

:diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
:*** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002
:--- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002
:***************
:*** 1285,1291 ****
:--- 1285,1297 ----
:  #ifdef LOGIN_NEEDS_TERM
:        (s->term ? s->term : "unknown"),
:  #endif /* LOGIN_NEEDS_TERM */
:+ #ifdef TRUSTED_HPUX
:+    // the "--" makes login hang on Trusted HP-UX
:+    // 10.26
:+       "-p", "-f", pw->pw_name, (char *)NULL);
:+ #else
:        "-p", "-f", "--", pw->pw_name, (char *)NULL);
:+ #endif
:
:    /* Login couldn't be executed, die. */
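
Review bot: in the TRUSTED_HPUX branch the "--" in front of pw->pw_name is dropped, and with it the end-of-options marker, so login would parse a name beginning with '-' as an option rather than as the user name. If login on 10.26 really cannot accept "--", reject such names before the exec on this path and record that reason in the comment. The // comments should be /* */ comments like the one on the following context line.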

do you require UseLogin yes?

:   if (c->ostate != CHAN_OUTPUT_CLOSED)
:    chan_write_failed(c);
:+ #ifdef TRUSTED_HPUX
:+  file://Took two lines from a patch at:
:+  // <http://www.math.ualberta.ca/imaging/snfs/>
:+  file://by John C. Bowman
:+  file://There is some speculation that you could possibly
:+  file://see data loss from this on usenet.  But without
:+  file://this sshd does not exit on logout.
:+  if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
:+   chan_read_failed(c);
:+ #endif
:   s->chanid = -1;
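
Review bot: the added chan_read_failed(c) runs while c->istate is still CHAN_INPUT_OPEN, and the hunk's own comment concedes that this may lose data; nothing in the hunk shows that pending input has been read before the channel is forced closed. The comment should state why sshd does not exit on logout on this platform and what bounds the loss, or the change should address that cause instead of closing the input side unconditionally. The file:// prefixes on the comment lines will not compile and need to be /* */ comments.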

this has been discussed and is wrong.

i don't understand the file:// stuff.




More information about the openssh-unix-dev mailing list