Testing of recent commits
Ralf Hack
ralf.hack at gxn.net
Wed Nov 19 22:34:16 EST 2003
>There have been a few recent commits to portable OpenSSH that require
>testing. It would be appreciated if you could grab the 20031118 (or
>later) snapshot and give it a try on your platforms of choice.
>
>Ideally, "giving it a try" means running the regress tests, in addition
>to casual (non-production) use and reporting your experiences back to
>the list. The more platforms and compile-time options, the better.
>
>Please note that the new snapshots replace the experimental "gssapi"
>authentication method with an improved "gssapi-with-mic" method. The new
>method (which does *not* interoperate with the deprecated "gssapi"
>method) provides proper validation of the session ID between the client
>and the server.
Hi,
I compiled 20031118 on debian:woody on intel without
problems. Given some time constraints, I haven't been able to test it.
However, I noticed that the bug preventing 'do_pam_session()'
from getting compiled in for systems that have 'HAVE_SETPCRED' set,
such as FreeBSD 4.7 (and apparently linux), is still there
(session.c:do_setusercontext()). I think the following patch
(similar to the one I submitted previously) should fix this. I am
not sure how setpred() and PAM interact, so do take this patch with a
grain of salt.
--- session.c.orig Mon Nov 17 10:41:42 2003
+++ session.c Wed Nov 19 11:21:36 2003
@@ -1237,6 +1237,17 @@
fatal("Failed to set process credentials");
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
+
+# ifdef USE_PAM
+ /*
+ * Run do_pam_session() here too
+ */
+ if (options.use_pam) {
+ do_pam_session();
+ do_pam_setcred(0);
+ }
+# endif /* USE_PAM */
+
# ifdef __bsdi__
setpgid(0, 0);
# endif
@@ -1245,6 +1256,7 @@
perror("unable to set user context");
exit(1);
More information about the openssh-unix-dev
mailing list