4.7p1 password auth broken on SCO OSR6

Roger Cornelius rac at tenzing.org
Fri Sep 14 05:18:24 EST 2007 

On 09/10/2007 16:14, Tim Rice wrote:
> On Mon, 10 Sep 2007, Roger Cornelius wrote:
> 
> > openssh 4.7p1
> > SCO OSR6
> > 
> > Password authentication is non-functional.  This seems dependent on
> > USE_LIBIAF which further depends on HAVE_LIBIAF (in defines.h), but
> > there is no longer any code in configure to define the latter.  Building
> 
> This patch will solve the missing HAVE_LIBIAF
> ------------
> --- configure.ac.old	2007-08-15 09:16:29.007892000 -0700
> +++ configure.ac	2007-09-10 15:54:26.072835157 -0700
> @@ -2004,7 +2004,10 @@
>  saved_LIBS="$LIBS"
>  AC_CHECK_LIB(iaf, ia_openinfo, [
>  	LIBS="$LIBS -liaf"
> -	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
> +	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
> +				AC_DEFINE(HAVE_LIBIAF, 1,
> +        		[Define if system has libiaf that supports set_id])
> +				])
>  ])
>  LIBS="$saved_LIBS"
>  
> ------------
> 
> > with HAVE_LIBIAF defined enables password authentication, but only for
> > non-long (<9 char) passwords, even though UNIXWARE_LONG_PASSWORDS seems
> > to be defined.  I haven't had time yet to investigate further.
> 
> Authentication in the SVR5 space on OpenServer 6 is still lacking.
> (getluid/setluid)
> 
> Probably best to build in the osr5 space for now.

Your patch fixed password auth for short passwords as expected.

Needed for long passwords is -DHAVE_SECUREWARE, and -lprot (must be
searched before -lcrypt).   I also found the following patch to
openbsd-compat/xcrypt.c was needed though I don't know why.  xcrypt.c
did not change from 4.6p1 to 4.7p1.  I no longer use password
authentication so maybe I forgot to test it on 4.6p1.

This is for udk mode.  I have not tried building in osr mode.

Roger

------------
--- xcrypt.c.orig	2007-09-13 14:58:13.726207003 -0400
+++ xcrypt.c	2007-09-13 14:56:01.376847016 -0400
@@ -30,0 +31,5 @@
+# ifdef HAVE_SECUREWARE
+#  include <sys/security.h>
+#  include <sys/audit.h>
+#  include <prot.h>
+# else
@@ -33,0 +39 @@
+# endif 
@@ -40,6 +45,0 @@
-# ifdef HAVE_SECUREWARE
-#  include <sys/security.h>
-#  include <sys/audit.h>
-#  include <prot.h>
-# endif 
-
@@ -110 +110 @@
-	struct pr_passwd *spw = getprpwnam(pw->pw_name);
+	struct pr_passwd *swspw = getprpwnam(pw->pw_name);
@@ -112,2 +112,2 @@
-	if (spw != NULL)
-		pw_password = spw->ufld.fd_encrypt;
+	if (swspw != NULL)
+		pw_password = swspw->ufld.fd_encrypt;
------------

-- 
Roger Cornelius        rac at tenzing.org

More information about the openssh-unix-dev mailing list