AIX patch for openssh-3.7.1p2
Darren Tucker
dtucker at zip.com.au
Fri Oct 31 08:13:56 EST 2003
Matt Richards wrote:
[setauthdb]
> I mispoke. The problem actually is privledge separation and setauthdb.
> setauthdb requires root, sshd is not running as root during privledge
> separation, so the authentication fails.
When running with Privilege Separation, there are 2 sshd's[1], one running
as root and one not. aix_setauthdb() should always be called from the
privileged sshd process.
If it's not, can you please post a debug (sshd -ddd) where it's failing?
(Also, which AIX version, maintenance level and compiler are you using?)
> > I can't follow the changes to configure (which is a machine-generated
> > file). What is the issue with the loginfailed test? Could you post a
> > patch against configure.ac, which is what autoconf uses to generate
> > configure? (preferably "diff -u").
>
> The problem here is the configure test of:
>
> #ifndef loginfailed
> char *p = (char *) loginfailed;
> #endif
>
> loginfailed is not defined by the compiler and is picked up during the
> linking phase. The patch that I put in tests the linking phase rather
> than the compiling phase. The code above will always fail on AIX.
That's the output of AC_CHECK_FUNC and it's an #ifndef and not #ifdef.
Can you please post the fragment of config.log where it's failing?
> AIX has an odd setup for wtmp. I originally patched the 1.2.27 version of
> ssh to use AIX's loginsuccess and loginfailed which will take care of
> wtmp and lastlog. It seems that openssh-3.7.1 changed it and put it under
> CUSTOM_FAILED_LOGIN define. Defining CUSTOM_FAILED_LOGIN, works for this
> version.
CUSTOM_FAILED_LOGIN should be defined automatically be configure. Again,
if it's not please post the the fragment from config.log where it fails.
[1] Actually for privesep, there are 4 sshds handling a given connections
at various times (not counting the master daemon), but there's normally
only 2 at any given time.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list