Testing of recent commits
cmadams at hiwaay.net
Fri Nov 21 16:21:22 EST 2003
Here is an updated patch for Tru64. I ran the regression tests with no
problems (had to run as root because of SIA and no sudo) except for the
reconfigure test hung (had to kill it); I haven't had a chance to look
at that yet.
The patch changes a couple of things:
- auth-sia.c: the SIA functions leave the uid=0, euid=pw->pw_uid, and
the "saved set uid"=0 (this is apparently not something you can look
at or set directly). setuid(0) will set all three to 0, and then
permanently_set_uid() works correctly (maybe permanently_set_uid()
should make the setuid(0) call as the first thing?). I think the old
setreuid() call was okay, because I think the "saved set uid" is
cleared on exec(), but this way is sure.
- configure.ac: DISABLE_FD_PASSING only needs to be defined once, and
only when building with SIA (because SIA is the problem). Also, SIA
takes care of locked accounts, so the password file entry shouldn't be
looked at to determine if an account is locked.
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
diff -ur openssh-dist/auth-sia.c openssh/auth-sia.c
--- openssh-dist/auth-sia.c Mon Jun 2 19:25:48 2003
+++ openssh/auth-sia.c Thu Nov 20 22:42:02 2003
@@ -31,6 +31,7 @@
@@ -103,8 +104,8 @@
- if (setreuid(geteuid(), geteuid()) < 0)
- fatal("setreuid: %s", strerror(errno));
#endif /* HAVE_OSF_SIA */
diff -ur openssh-dist/configure.ac openssh/configure.ac
--- openssh-dist/configure.ac Wed Oct 15 01:57:57 2003
+++ openssh/configure.ac Thu Nov 20 22:07:19 2003
@@ -409,14 +409,13 @@
LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
- AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
More information about the openssh-unix-dev