Environment passing in Solaris 8 with later versions of SSH and U seLogin=yes

Roberts-Thomson, James James.Roberts-Thomson at NBNZ.CO.NZ
Mon Sep 29 12:07:05 EST 2003


Hi,

I've got the following issue, which I'm unable to resolve by myself.
Hopefully, someone on the list will be able to guide me, or provide more
information towards resolving this.

We've compiled OpenSSH v3.7.1p1 (which I know is not the most recent
version) on Solaris 8 SPARC, and have noticed that when the "UseLogin=yes"
parameter is set in the sshd_config file, the environment which SSH builds
for the child shell isn't making into the shell.  When running both client
and server in debug mode, I can see the following when the client attempts
to login: (the JRT lines are my attempting to trace the program execution
flow)

debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: JRT-03: do_pre_login
debug1: JRT-04: do_child
Environment:
  TZ=NZ
  SSH_CLIENT=xxx.xx.xx.xxx 34811 2222
  SSH_CONNECTION=xxx.xx.xx.xxx 34811 xxx.xx.xx.xx 2222
  SSH_TTY=/dev/pts/6
  TERM=xterm
debug1: JRT-05: launch_login

However, if I then query the environment of the logged in process, none of
the variables have been set properly, thus:

user at host:~$ echo $SSH_CLIENT

user at host:~$ echo $SSH_TTY

user at host:~$ echo $TERM
sun

I don't mind the loss of SSH_CLIENT and SSH_TTY; but the fact that my TERM
is not being set correctly is causing all sorts of problems.

This DOES work in OpenSSH 3.0p1, with the same configuration file.  Turning
UseLogin OFF in OpenSSH 3.7.1p1 also works; but causes other issues with
Solaris password aging, so isn't an option (madated by our Information
Security people).  This has been tested on the SAME machine in the SAME
interactive session, so I know it isn't an issue with different OS / build /
runtime factors.

As far as I can tell, the environment etc is all done in "session.c".  I've
looked at the code to the best of my ability (I'm not a C guru, but can do
basic things), and the two versions of code is doing much the same stuff:

1.  Define char **env
2.  Define "extern char **environ", which I assume will reach the
environment setup by the C RTL.
3.  Populate "env" by various calls to child_set_env (which in OpenSSH
3.7.1p1 is called in another routine, by env = do_setup_env - is this the
problem??)
4.  "environ = env", which I assume will set the external environment to the
newly defined environment stored in "env".
5.  Call "execl(LOGIN_PROGRAM, "login", "-h", hostname, "-p" ,"-f", "--",
pw-<pw_name, (char *) NULL)" to exec the login process.  The "-p" flag is
supposed to get login to read the current environment.

Hints / Help / Suggestions all welcome.  Solutions are preferred  <grin>.

Please ensure any responses are cc'ed to myself directly as well as the
list, as I'm not a subscriber to the list currently (too many viruses on the
list!)

Thanks in advance,

James Roberts-Thomson
Senior Systems Engineer	DDI +64 4 494 4436
Infrastructure Projects	Tel +64 4 494 4000
The National Bank of New Zealand Limited	Fax +64 4 802 8509
----------
If at first you don't succeed, redefine success.

(Note:  This .sig is not an option for this problem!)

This communication is confidential and may contain privileged material.
If you are not the intended recipient you must not use, disclose, copy or retain it.
If you have received it in error please immediately notify me by return email
and delete the emails.
Thank you.



More information about the openssh-unix-dev mailing list