OpenSSH 3.8.1p1: call for testing

Gert Doering gert at greenie.muc.de
Mon Apr 19 04:35:43 EST 2004 

Hi,

On Fri, Apr 16, 2004 at 08:18:42AM +1000, Damien Miller wrote:
> So far we have received only *one* test report as a result of this call
> for testing (thanks Corinna).
> 
> We absolutely need wider testing of releases. While we try to test on as
> many platforms as possible, there is no way we can get them all. If you
> want the next stable OpenSSH to work for you, then please help out.

OK.  Testing on SCO Open Server 3.0 (3.2v4.2).

Config output is:

------------- snip ------------------
penSSH has been configured with the following options:
                     User binaries: /usr/local/bin
                   System binaries: /usr/local/sbin
               Configuration files: /etc
                   Askpass program: /usr/local/libexec/ssh-askpass
                      Manual pages: /usr/local/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /bin:/usr/bin:/usr/local/bin:/usr/local/games/bin
   (If PATH is set in /etc/default/login it will be used instead. If
   used, ensure the path to scp is present, otherwise scp will not work.)
                    Manpage format: man
                       PAM support: no
                 KerberosV support: no
                 Smartcard support: no
                     S/KEY support: yes
              TCP Wrappers support: no
              MD5 password support: no
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: no
                  BSD Auth support: no
              Random number source: ssh-rand-helper
     ssh-rand-helper collects from: TCP localhost:3300

              Host: i586-pc-sco3.2v4.2
          Compiler: gcc
    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:  -Dftruncate=chsize
      Linker flags: 
         Libraries:   -lcrypto -lskey -lintl -lz -lgen -lrpc -lyp -lrpc -lsocket  -los -lprot -lcrypt_i -lx -ltinfo -lm

------------- snip ------------------

make dies at:

------------- snip ------------------
        gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./..  -Dftruncate=chsize -DHAVE_CONFIG_H -c getrrsetbyname.c
getrrsetbyname.c: In function `getrrsetbyname':
getrrsetbyname.c:190: warning: implicit declaration of function `res_init'
getrrsetbyname.c:206: warning: implicit declaration of function `res_query'
getrrsetbyname.c:209: `h_errno' undeclared (first use this function)
getrrsetbyname.c:209: (Each undeclared identifier is reported only once
getrrsetbyname.c:209: for each function it appears in.)
getrrsetbyname.c: In function `parse_dns_qsection':
getrrsetbyname.c:436: warning: implicit declaration of function `dn_expand'
------------- snip ------------------

fixed by adding an explicit "extern int h_errno;" to that file.

------------- snip ------------------
RCS file: /cvs/openssh_cvs/openbsd-compat/getrrsetbyname.c,v
retrieving revision 1.9
diff -u -r1.9 getrrsetbyname.c
--- getrrsetbyname.c    24 Feb 2004 04:51:07 -0000      1.9
+++ getrrsetbyname.c    18 Apr 2004 17:45:38 -0000
@@ -167,6 +167,7 @@
        int length;
        unsigned int index_ans, index_sig;
        u_char answer[ANSWER_BUFFER_SIZE];
+       extern int h_errno;
 
        /* check for invalid class and type */
        if (rdclass > 0xffff || rdtype > 0xffff) {
------------- snip ------------------

The regression test isn't portable enough for oldish SCO:
------------- snip ------------------
run test connect ...
/u/softadm/openssh_cvs/regress/test-exec.sh: whoami: not found
id: illegal option -- u
id: illegal option -- n
Usage: id [-l] [-s]
...
/u/softadm/openssh_cvs/regress/ssh_config line 5: Missing argument.
ssh connect with protocol 1 failed
/u/softadm/openssh_cvs/regress/ssh_config line 5: Missing argument.
ssh connect with protocol 2 failed
failed simple connect
------------- snip ------------------

("id" doesn't have any switch to only display the current user name).

Hopefully quite portable fix:

------------- snip ------------------
--- regress/test-exec.sh        29 Feb 2004 09:31:08 -0000      1.7
+++ regress/test-exec.sh        18 Apr 2004 18:12:22 -0000
@@ -8,8 +8,10 @@
        USER=`/usr/ucb/whoami`
 elif whoami >/dev/null 2>&1; then
        USER=`whoami`
-else
+elif id -un >/dev/null 2>&1; then
        USER=`id -un`
+else
+       USER=`who am i | cut -d' ' -f1` 
 fi
 
 OBJ=$1
------------- snip ------------------

... it still fails:
------------- snip ------------------
Connection closed by 127.0.0.1
ssh connect with protocol 1 failed
Connection closed by 127.0.0.1
ssh connect with protocol 2 failed
failed simple connect
------------- snip ------------------


Doing individual tests leads to:

 - unprivileged ssh works fine (-1 and -2)

 - chmod 4711'ed ssh (for RhostsRSAAuthentication) is broken:

------------- snip ------------------
gert at greenie:/u/softadm/openssh_cvs$ ./ssh -1 -v $targethost
OpenSSH_3.8.1p1, OpenSSL 0.9.6g 9 Aug 2002
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to $targethost [19.20.21.100] port 22.
rresvport: af=2 Permission denied
ssh: connect to host $targethost port 22: Permission denied
------------- snip ------------------

 - sshd -1 / RhostsRSAAuthentication works, but has an interesting side 
   effect: upon logout, the client gets the message
------------- snip ------------------
Received disconnect from 193.149.48.161: wait: No child processes
------------- snip ------------------

   the server log ends with:
------------- snip ------------------
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
debug1: Received SIGCHLD.
debug2: notify_done: reading
debug1: End of interactive session; stdin 12, stdout (read 829, sent 829), stderr 0 bytes.
Disconnecting: wait: No child processes
debug1: do_cleanup
debug1: session_pty_cleanup: session 0 release /dev/ttyp25
------------- snip ------------------

 - sshd -2 / HostBasedAuthentication mostly works, but upon logout, the
   client session hangs:
------------- snip ------------------
gert at greenie:/u/gert$ exit
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
<nothing more>
------------- snip ------------------

   server side (-d -d -d)
------------- snip ------------------
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 is O_NONBLOCK
debug1: Received SIGCHLD.
debug2: notify_done: reading
debug2: channel 0: read<=0 rfd 10 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
<nothing more>
------------- snip ------------------

   (this is not a new thing - it was already in 3.6, but I haven't been
   able to figure out what's going on here)


 - password authentication is completely broken - SCO uses SECUREWARE /
   "getprpwnam()" for "trusted computing base" password access, but
   the corresponding code from auth-passwd.c seems to have disappeared.

   I assume that a "CUSTOM_SYS_AUTH_PASSWD" module needs to be written
   to support SECUREWARE.


Summary: it might not be worth effort.  I'm unsure whether anybody but 
myself is still interested in SCO Open Server 3.0 / SCO Unix 3.2v4.2, 
and I'm working on migrating myself away from this platform anyway.

In any case it should be mentioned in the documentation that this old
SCO system is now "unsupported" and *will not work* without major 
effort.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the openssh-unix-dev mailing list