4.7p1 password auth broken on SCO OSR6

[Roger Cornelius]

On 09/13/2007 15:18, Roger Cornelius wrote:
> On 09/10/2007 16:14, Tim Rice wrote:
> > On Mon, 10 Sep 2007, Roger Cornelius wrote:
> > 
> > > openssh 4.7p1
> > > SCO OSR6
> > > 
> > > Password authentication is non-functional.  This seems dependent on
> > > USE_LIBIAF which further depends on HAVE_LIBIAF (in defines.h), but
> > > there is no longer any code in configure to define the latter.  Building
> > 
> > This patch will solve the missing HAVE_LIBIAF
> > ------------
> > --- configure.ac.old	2007-08-15 09:16:29.007892000 -0700
> > +++ configure.ac	2007-09-10 15:54:26.072835157 -0700
> > @@ -2004,7 +2004,10 @@
> >  saved_LIBS="$LIBS"
> >  AC_CHECK_LIB(iaf, ia_openinfo, [
> >  	LIBS="$LIBS -liaf"
> > -	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
> > +	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
> > +				AC_DEFINE(HAVE_LIBIAF, 1,
> > +        		[Define if system has libiaf that supports set_id])
> > +				])
> >  ])
> >  LIBS="$saved_LIBS"
> >  
> > ------------
> > 
> > > with HAVE_LIBIAF defined enables password authentication, but only for
> > > non-long (<9 char) passwords, even though UNIXWARE_LONG_PASSWORDS seems
> > > to be defined.  I haven't had time yet to investigate further.
> > 
> > Authentication in the SVR5 space on OpenServer 6 is still lacking.
> > (getluid/setluid)
> > 
> > Probably best to build in the osr5 space for now.
> 
> Your patch fixed password auth for short passwords as expected.
> 
> Needed for long passwords is -DHAVE_SECUREWARE, and -lprot (must be
> searched before -lcrypt).   I also found the following patch to
> openbsd-compat/xcrypt.c was needed though I don't know why.  xcrypt.c
> did not change from 4.6p1 to 4.7p1.  I no longer use password
> authentication so maybe I forgot to test it on 4.6p1.
> 
> This is for udk mode.  I have not tried building in osr mode.

[ prev patch deleted ]

Here's the minimal patch required to get 4.7p1 running with functional
password authentication and long passwords on OSR6 w/MP2 installed (the
patch incorporates the missing HAVE_LIBIAF patch Tim provided above):

-------------
diff -ru orig/openssh-4.7p1/configure.ac openssh-4.7p1/configure.ac
--- orig/openssh-4.7p1/configure.ac	2007-08-10 00:36:12.000000000 -0400
+++ openssh-4.7p1/configure.ac	2007-09-14 10:10:15.768048004 -0400
@@ -672,6 +672,9 @@
 	case "$host" in
 	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
 		TEST_SHELL=/u95/bin/sh
+		LIBS="$LIBS -lprot"
+		AC_DEFINE(DISABLE_SHADOW)
+		AC_DEFINE(HAVE_SECUREWARE)
 		AC_DEFINE(BROKEN_LIBIAF, 1,
 			[ia_uinfo routines not supported by OS yet])
 		AC_DEFINE(BROKEN_UPDWTMPX)
@@ -2004,7 +2007,10 @@
 saved_LIBS="$LIBS"
 AC_CHECK_LIB(iaf, ia_openinfo, [
 	LIBS="$LIBS -liaf"
-	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+	AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
+				AC_DEFINE(HAVE_LIBIAF, 1,
+        		[Define if system has libiaf that supports set_id])
+				])
 ])
 LIBS="$saved_LIBS"
 
diff -ru orig/openssh-4.7p1/openbsd-compat/xcrypt.c openssh-4.7p1/openbsd-compat/xcrypt.c
--- orig/openssh-4.7p1/openbsd-compat/xcrypt.c	2007-03-26 12:35:28.000000000 -0400
+++ openssh-4.7p1/openbsd-compat/xcrypt.c	2007-09-14 10:05:57.565168003 -0400
@@ -28,21 +28,21 @@
 #include <unistd.h>
 #include <pwd.h>
 
+# ifdef HAVE_SECUREWARE
+#  include <sys/security.h>
+#  include <sys/audit.h>
+#  include <prot.h>
+# else 
 # ifdef HAVE_CRYPT_H
 #  include <crypt.h>
 # endif
+# endif 
 
 # ifdef __hpux
 #  include <hpsecurity.h>
 #  include <prot.h>
 # endif
 
-# ifdef HAVE_SECUREWARE
-#  include <sys/security.h>
-#  include <sys/audit.h>
-#  include <prot.h>
-# endif 
-
 # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 #  include <shadow.h>
 # endif

-------------
-- 
Roger Cornelius        rac at tenzing.org