openssh 4.6p1 bug / IRIX

Mon Mar 26 12:59:59 EST 2007

On Sat, 24 Mar 2007, Darren Tucker wrote:

> On Sat, Mar 24, 2007 at 09:19:43AM +0100, g.fischer at ah-online.com wrote:
> > 
> > thanks for the hints.
> > i got it done by hardcoding the solution you mentioned. not nice but worked.
> > 
> > maybe the check for the libiaf should be refined.
> 
> This diff ought to do it (you will need to run "autoreconf" to rebuild
> configure if you try this).  It also prevents libiaf from being linked
> to anything other than sshd, and then only if it's used.
> 
> Hopefully this still works on the platforms that have libiaf (according
> to the survey data, this includes UnixWare 2, 6 and 7).  Tim?
> 
> Index: auth.c
auth.c bits are OK

> Index: configure.ac
Minor correction.
.....

--- openssh/configure.ac.old	2007-03-24 15:23:31.521293001 -0700
+++ openssh/configure.ac	2007-03-25 19:26:00.029084007 -0700
@@ -1978,7 +1978,12 @@
 # Search for SHA256 support in libc and/or OpenSSL
 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
 
-AC_CHECK_LIB(iaf, ia_openinfo)
+saved_LIBS="$LIBS"
+AC_CHECK_LIB(iaf, ia_openinfo, [
+	LIBS="$LIBS -liaf"
+	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+])
+LIBS="$saved_LIBS"
 
 ### Configure cryptographic random number support
 
.....

> Index: defines.h
defines.h bits are OK

> Index: session.c
session.c bits are OK

For completeness I think we should add these bits.
....
--- openssh/openbsd-compat/port-uw.c.old	2006-09-06 14:33:55.391918000 -0700
+++ openssh/openbsd-compat/port-uw.c	2007-03-25 18:23:48.758604003 -0700
@@ -79,7 +79,7 @@
 #endif /* UNIXWARE_LONG_PASSWORDS */
 		result = (strcmp(xcrypt(password, salt), pw_password) == 0);
 
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 	if (authctxt->valid)
 		free(pw_password);
 #endif
@@ -127,7 +127,7 @@
 	functions that call shadow_pw() will need to free
  */
 
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 char *
 get_iaf_password(struct passwd *pw)
 {
@@ -144,6 +144,6 @@
 	else
 		fatal("ia_openinfo: Unable to open the shadow passwd file");
 }
-#endif /* !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
 #endif /* HAVE_LIBIAF */
 
--- openssh/openbsd-compat/port-uw.h.old	2005-08-31 08:48:19.611180000 -0700
+++ openssh/openbsd-compat/port-uw.h	2007-03-25 18:24:10.148604002 -0700
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 char * get_iaf_password(struct passwd *pw);
 #endif
 
--- openssh/openbsd-compat/xcrypt.c.old	2006-09-06 14:33:55.971918000 -0700
+++ openssh/openbsd-compat/xcrypt.c	2007-03-25 18:24:25.728604004 -0700
@@ -98,7 +98,7 @@
 		pw_password = spw->sp_pwdp;
 # endif
 
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 	return(get_iaf_password(pw));
 #endif
 
....

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net


