Testing of recent commits

Chris Adams cmadams at hiwaay.net
Fri Nov 21 16:21:22 EST 2003


Here is an updated patch for Tru64.  I ran the regression tests with no
problems (had to run as root because of SIA and no sudo) except for the
reconfigure test hung (had to kill it); I haven't had a chance to look
at that yet.

The patch changes a couple of things:

- auth-sia.c: the SIA functions leave the uid=0, euid=pw->pw_uid, and
  the "saved set uid"=0 (this is apparently not something you can look
  at or set directly).  setuid(0) will set all three to 0, and then
  permanently_set_uid() works correctly (maybe permanently_set_uid()
  should make the setuid(0) call as the first thing?).  I think the old
  setreuid() call was okay, because I think the "saved set uid" is
  cleared on exec(), but this way is sure.

- configure.ac: DISABLE_FD_PASSING only needs to be defined once, and
  only when building with SIA (because SIA is the problem).  Also, SIA
  takes care of locked accounts, so the password file entry shouldn't be
  looked at to determine if an account is locked.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


diff -ur openssh-dist/auth-sia.c openssh/auth-sia.c
--- openssh-dist/auth-sia.c	Mon Jun  2 19:25:48 2003
+++ openssh/auth-sia.c	Thu Nov 20 22:42:02 2003
@@ -31,6 +31,7 @@
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "uidswap.h"
 
 #include <sia.h>
 #include <siad.h>
@@ -103,8 +104,8 @@
 	
 	sia_ses_release(&ent);
 
-	if (setreuid(geteuid(), geteuid()) < 0)
-		fatal("setreuid: %s", strerror(errno));
+	setuid(0);
+	permanently_set_uid(pw);
 }
 
 #endif /* HAVE_OSF_SIA */
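Review bot: The return value of setuid(0) at the end of this function is discarded, whereas the setreuid() call it replaces went to fatal() on failure. If setuid(0) does not succeed, permanently_set_uid(pw) runs from an unexpected uid state, so check it, for example `if (setuid(0) < 0) fatal("setuid: %s", strerror(errno));`. A short comment above the call stating why it is needed (per the cover note, SIA leaves uid=0, euid=pw->pw_uid and the saved set uid=0) would keep a later cleanup from removing it.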
diff -ur openssh-dist/configure.ac openssh/configure.ac
--- openssh-dist/configure.ac	Wed Oct 15 01:57:57 2003
+++ openssh/configure.ac	Thu Nov 20 22:07:19 2003
@@ -409,14 +409,13 @@
 			LIBS="$LIBS -lsecurity -ldb -lm -laud"
 		else
 			AC_MSG_RESULT(no)
+			AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
 		fi
 	fi
-	AC_DEFINE(DISABLE_FD_PASSING)
 	AC_DEFINE(BROKEN_GETADDRINFO)
 	AC_DEFINE(SETEUID_BREAKS_SETUID)
 	AC_DEFINE(BROKEN_SETREUID)
 	AC_DEFINE(BROKEN_SETREGID)
-	AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
 	;;
 
 *-*-nto-qnx)
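Review bot: The unconditional AC_DEFINE(DISABLE_FD_PASSING) is removed here, but the definition that is meant to remain for SIA builds is not among the lines of this hunk, so the diff alone does not confirm that SIA builds still get it; please check the SIA branch above this context. The AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") now placed in the non-SIA else branch would benefit from a one-line dnl comment saying that SIA handles locked accounts itself, since that reason currently lives only in the cover note.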



