Testing of recent commits

Ralf Hack ralf.hack at gxn.net
Wed Nov 19 22:34:16 EST 2003

>There have been a few recent commits to portable OpenSSH that require
>testing. It would be appreciated if you could grab the 20031118 (or
>later) snapshot and give it a try on your platforms of choice.
>Ideally, "giving it a try" means running the regress tests, in addition
>to casual (non-production) use and reporting your experiences back to
>the list. The more platforms and compile-time options, the better.
>Please note that the new snapshots replace the experimental "gssapi"
>authentication method with an improved "gssapi-with-mic" method. The new
>method (which does *not* interoperate with the deprecated "gssapi"
>method) provides proper validation of the session ID between the client
>and the server.


	I compiled 20031118 on debian:woody on intel without 
problems. Given some time constraints, I haven't been able to test it.

	However, I noticed that the bug preventing 'do_pam_session()' 
from getting compiled in for systems that have 'HAVE_SETPCRED' set, 
such as FreeBSD 4.7 (and apparently linux), is still there 
(session.c:do_setusercontext()).  I think the following patch 
(similar to the one I submitted previously) should fix this.  I am 
not sure how setpred() and PAM interact, so do take this patch with a 
grain of salt.

--- session.c.orig      Mon Nov 17 10:41:42 2003
+++ session.c   Wed Nov 19 11:21:36 2003
@@ -1237,6 +1237,17 @@
                         fatal("Failed to set process credentials");
  #endif /* HAVE_SETPCRED */
+# ifdef USE_PAM
+               /*
+                * Run do_pam_session() here too
+                */
+               if (options.use_pam) {
+                       do_pam_session();
+                       do_pam_setcred(0);
+               }
+# endif /* USE_PAM */
  # ifdef __bsdi__
                 setpgid(0, 0);
  # endif
@@ -1245,6 +1256,7 @@
                         perror("unable to set user context");

More information about the openssh-unix-dev mailing list