OpenSSH on HP-UX 11 with TCB

Sun Apr 30 00:23:15 EST 2000

On Sun, 30 Apr 2000, Damien Miller wrote:

This email even has the patch attached.

> On Sat, 26 Feb 2000, Ged Lodder wrote:
> 
> > Hi,
> > 
> > an updated and more civilized post (to my one and only previous one)
> > on getting OpenSSH to work on HP-UX 11 using the TCB. I used the HP
> > ANSI C compiler.
> 
> Attached is the patch that I have applied. It will be in the 
> openssh-2.0 test release (either tonight or tomorrow).
> 
> Thanks for the fixes!
> 
> Damien
> 
> 

-- 
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)


-------------- next part --------------
? hpsux-tcb.txt
Index: CREDITS
===================================================================
RCS file: /var/cvs/openssh/CREDITS,v
retrieving revision 1.20
diff -u -r1.20 CREDITS

--- CREDITS	2000/04/23 01:14:01	1.20
+++ CREDITS	2000/04/29 14:15:52
@@ -21,6 +21,7 @@
 David Hesprich <darkgrue at gue-tech.org> - Configure fixes
 David Rankin <drankin at bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
 Gary E. Miller <gem at rellim.com> - SCO support
+Ged Lodder <lodder at yacc.com.au> - HPUX fixes and enhancements
 HARUYAMA Seigo <haruyama at nt.phys.s.u-tokyo.ac.jp> - Translations & doc fixes
 Hideaki YOSHIFUJI <yoshfuji at ecei.tohoku.ac.jp> - IPv6 fixes
 Hiroshi Takekawa <takekawa at sr3.t.u-tokyo.ac.jp> - Configure fixes
Index: ChangeLog
===================================================================
RCS file: /var/cvs/openssh/ChangeLog,v
retrieving revision 1.270
diff -u -r1.270 ChangeLog
--- ChangeLog	2000/04/29 13:57:08	1.270
+++ ChangeLog	2000/04/29 14:15:58
@@ -1,3 +1,7 @@
+20000430
+ - Merge HP-UX fixes and TCB support from Ged Lodder <lodder at yacc.com.au>
+ -
+
 20000429
  - Merge big update to OpenSSH-2.0 from OpenBSD CVS
    [README.openssh2]
Index: auth-pam.c
===================================================================
RCS file: /var/cvs/openssh/auth-pam.c,v
retrieving revision 1.3
diff -u -r1.3 auth-pam.c
--- auth-pam.c	2000/04/20 13:12:58	1.3
+++ auth-pam.c	2000/04/29 14:16:00
@@ -226,7 +226,11 @@
 /* Return list of PAM enviornment strings */
 char **fetch_pam_environment(void)
 {
+#ifdef HAVE_PAM_GETENVLIST
 	return(pam_getenvlist((pam_handle_t *)pamh));
+#else /* HAVE_PAM_GETENVLIST */
+	return(NULL);
+#endif /* HAVE_PAM_GETENVLIST */
 }
 
 /* Print any messages that have been generated during authentication */
Index: auth-passwd.c
===================================================================
RCS file: /var/cvs/openssh/auth-passwd.c,v
retrieving revision 1.18
diff -u -r1.18 auth-passwd.c
--- auth-passwd.c	2000/04/16 02:31:49	1.18
+++ auth-passwd.c	2000/04/29 14:16:00
@@ -19,9 +19,12 @@
 #include "xmalloc.h"
 
 #ifdef WITH_AIXAUTHENTICATE
-#include <login.h>
+# include <login.h>
 #endif
-
+#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
+# include <hpsecurity.h>
+# include <prot.h>
+#endif
 #ifdef HAVE_SHADOW_H
 # include <shadow.h>
 #endif
@@ -108,7 +111,11 @@
 	else
 		encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */    
+# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
+	encrypted_password = bigcrypt(password, salt);
+# else
 	encrypted_password = crypt(password, salt);
+# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
 #endif /* HAVE_MD5_PASSWORDS */    
 
 	/* Authentication is accepted if the encrypted passwords are identical. */
Index: configure.in
===================================================================
RCS file: /var/cvs/openssh/configure.in,v
retrieving revision 1.111
diff -u -r1.111 configure.in
--- configure.in	2000/04/23 01:14:02	1.111
+++ configure.in	2000/04/29 14:16:00
@@ -56,6 +56,28 @@
 	MANTYPE='$(CATMAN)'
 	mansubdir=cat
 	;;
+*-*-hpux11*)
+	if test -z "$GCC"; then
+		CFLAGS="$CFLAGS -Ae"
+	fi
+	CFLAGS="$CFLAGS -D_HPUX_SOURCE"
+	CFLAGS="$CFLAGS -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib"
+	AC_DEFINE(IPADDR_IN_DISPLAY)
+	AC_DEFINE(USE_UTMPX)
+	AC_MSG_CHECKING(for HPUX trusted system password database)
+	if test -f /tcb/files/auth/system/default; then
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW)
+		LIBS="$LIBS -lsec"
+		AC_MSG_WARN([This configuration is untested])
+	else
+		AC_MSG_RESULT(no)
+		AC_DEFINE(DISABLE_SHADOW)
+	fi
+	MANTYPE='$(CATMAN)'
+	mansubdir=cat
+	;;
 *-*-irix5*)
 	CFLAGS="$CFLAGS -I/usr/local/include"
 	LDFLAGS="$LDFLAGS -L/usr/local/lib"
@@ -139,6 +161,8 @@
 if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
 	AC_CHECK_LIB(dl, dlopen, , )
 	LIBS="$LIBS -lpam"
+
+	AC_CHECK_FUNC(pam_getenvlist)
 
 	# Check PAM strerror arguments (old PAM)
 	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
