Bugzilla – Attachment 813 Details for
Bug 835
Enable IPv6 on AIX
[patch]
Test for badly broken getaddrinfo on AIX and work around partially busted getnameinfo
openssh-aixipv6.patch (text/plain), 8.56 KB, created by
Darren Tucker
on 2005-02-09 23:27:20 AEDT
Description:
Test for badly broken getaddrinfo on AIX and work around partially busted getnameinfo
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2005-02-09 23:27:20 AEDT
Size:
8.56 KB
patch
obsolete
>Index: auth.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v
>retrieving revision 1.95
>diff -u -p -r1.95 auth.c
>--- auth.c 8 Feb 2005 10:52:48 -0000 1.95
>+++ auth.c 9 Feb 2005 07:00:23 -0000
>@@ -209,7 +209,7 @@ allowed_user(struct passwd * pw)
> }
>
> #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
>- if (!sys_auth_allowed_user(pw))
>+ if (!sys_auth_allowed_user(pw, &loginmsg))
> return 0;
> #endif
>
>Index: configure.ac
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v
>retrieving revision 1.237
>diff -u -p -r1.237 configure.ac
>--- configure.ac 2 Feb 2005 12:30:25 -0000 1.237
>+++ configure.ac 9 Feb 2005 12:13:38 -0000
>@@ -135,7 +135,7 @@ case "$host" in
> [#include <usersec.h>]
> )
> AC_CHECK_FUNCS(setauthdb)
>- AC_DEFINE(BROKEN_GETADDRINFO)
>+ check_for_aix_broken_getaddrinfo=1
> AC_DEFINE(BROKEN_REALPATH)
> AC_DEFINE(SETEUID_BREAKS_SETUID)
> AC_DEFINE(BROKEN_SETREUID)
>@@ -1147,6 +1147,64 @@ main(void)
> )
> fi
>
>+if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
>+ AC_MSG_CHECKING(if getaddrinfo seems to work)
>+ AC_TRY_RUN(
>+ [
>+#include <stdio.h>
>+#include <sys/socket.h>
>+#include <netdb.h>
>+#include <errno.h>
>+#include <netinet/in.h>
>+
>+#define TEST_PORT "2222"
>+
>+int
>+main(void)
>+{
>+ int err, sock;
>+ struct addrinfo *gai_ai, *ai, hints;
>+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
>+
>+ memset(&hints, 0, sizeof(hints));
>+ hints.ai_family = PF_UNSPEC;
>+ hints.ai_socktype = SOCK_STREAM;
>+ hints.ai_flags = AI_PASSIVE;
>+
>+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
>+ if (err != 0) {
>+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
>+ exit(1);
>+ }
>+
>+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
>+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
>+ continue;
>+
>+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
>+ sizeof(ntop), strport, sizeof(strport),
>+ NI_NUMERICHOST|NI_NUMERICSERV);
>+
>+ if (ai->ai_family == AF_INET && err != 0) {
>+ perror("getnameinfo");
>+ exit(2);
>+ }
>+ }
>+ exit(0);
>+}
>+ ],
>+ [
>+ AC_MSG_RESULT(yes)
>+ AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
>+[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
>+ ],
>+ [
>+ AC_MSG_RESULT(no)
>+ AC_DEFINE(BROKEN_GETADDRINFO)
>+ ]
>+ )
>+fi
>+
> if test "x$check_for_conflicting_getspnam" = "x1"; then
> AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
> AC_COMPILE_IFELSE(
>Index: loginrec.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/loginrec.c,v
>retrieving revision 1.65
>diff -u -p -r1.65 loginrec.c
>--- loginrec.c 8 Feb 2005 10:52:48 -0000 1.65
>+++ loginrec.c 9 Feb 2005 07:02:35 -0000
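Review bot: The AC_TRY_RUN test program in the configure.ac hunk at -1147 calls `memset` and `exit` but includes neither `<string.h>` nor `<stdlib.h>`, so a compiler that rejects implicit declarations would fail to build it and configure would take the "no" branch, defining BROKEN_GETADDRINFO for a reason unrelated to the resolver. Add `#include <stdlib.h>` and `#include <string.h>` to the include list. AC_TRY_RUN is also given no cross-compiling argument, so the outcome of a cross build is left to autoconf's default; an explicit fallback that defines BROKEN_GETADDRINFO would keep the previous conservative behaviour. The description string on AIX_GETNAMEINFO_HACK says "getaddrinfo" where the workaround is for getnameinfo, and `sock` is declared but never used.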
>@@ -192,6 +192,8 @@ int lastlog_get_entry(struct logininfo *
> int wtmp_get_entry(struct logininfo *li);
> int wtmpx_get_entry(struct logininfo *li);
>
>+extern Buffer loginmsg;
>+
> /* pick the shortest string */
> #define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2))
>
>@@ -441,7 +443,7 @@ login_write(struct logininfo *li)
> #endif
> #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
> if (li->type == LTYPE_LOGIN &&
>- !sys_auth_record_login(li->username,li->hostname,li->line))
>+ !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg))
> logit("Writing login record failed for %s", li->username);
> #endif
> #ifdef SSH_AUDIT_EVENTS
>Index: openbsd-compat/port-aix.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
>retrieving revision 1.27
>diff -u -p -r1.27 port-aix.c
>--- openbsd-compat/port-aix.c 9 Feb 2005 06:08:23 -0000 1.27
>+++ openbsd-compat/port-aix.c 9 Feb 2005 12:16:57 -0000
>@@ -34,14 +34,13 @@
> #ifdef _AIX
>
> #include <uinfo.h>
>+#include <sys/socket.h>
> #include "port-aix.h"
>
> /* These should be in the system headers but are not. */
> int usrinfo(int, char *, int);
> int setauthdb(const char *, char *);
>
>-extern Buffer loginmsg;
>-
> # ifdef HAVE_SETAUTHDB
> static char old_registry[REGISTRY_SIZE] = "";
> # endif
>@@ -74,6 +73,35 @@ aix_usrinfo(struct passwd *pw)
> xfree(cp);
> }
>
>+# if defined(HAVE_GETNAMEINFO) && defined(AIX_GETNAMEINFO_HACK)
>+# undef getnameinfo
>+/*
>+ * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros
>+ * IPv6 address into its textual representation ("::"), so we wrap it
>+ * with a function that will.
>+ */
>+int
>+sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
>+ size_t hostlen, char *serv, size_t servlen, int flags)
>+{
>+ struct sockaddr_in6 *sa6;
>+ u_int32_t *a6;
>+
>+ if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) &&
>+ sa->sa_family == AF_INET6) {
>+ sa6 = (struct sockaddr_in6 *)sa;
>+ a6 = sa6->sin6_addr.u6_addr.u6_addr32;
>+
>+ if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) {
>+ strlcpy(host, "::", hostlen);
>+ snprintf(serv, servlen, "%d", sa6->sin6_port);
>+ return 0;
>+ }
>+ }
>+ return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
>+}
>+# endif /* AIX_GETNAMEINFO_HACK */
>+
> # ifdef WITH_AIXAUTHENTICATE
> /*
> * Remove embedded newlines in string (if any).
>@@ -156,7 +184,7 @@ aix_valid_authentications(const char *us
> * returns 0.
> */
> int
>-sys_auth_passwd(Authctxt *ctxt, const char *password)
>+sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
> {
> char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
> int authsuccess = 0, expired, reenter, result;
>@@ -186,7 +214,7 @@ sys_auth_passwd(Authctxt *ctxt, const ch
> */
> expired = passwdexpired(name, &msg);
> if (msg && *msg) {
>- buffer_append(&loginmsg, msg, strlen(msg));
>+ buffer_append(loginmsg, msg, strlen(msg));
> aix_remove_embedded_newlines(msg);
> }
> debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
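Review bot: In sshaix_getnameinfo the cast to `struct sockaddr_in6 *` is made without looking at `salen`, so a caller that passes a short AF_INET6 sockaddr would have `sin6_addr` and `sin6_port` read beyond what it supplied; the guard should also require `salen >= sizeof(*sa6)`. The test `flags & (NI_NUMERICHOST|NI_NUMERICSERV)` is true when either flag is set, yet the shortcut always writes both a numeric host and a numeric service. `sin6_port` is printed in network byte order with `%d`, which happens to be right on a big-endian host but should go through `ntohs` to match what getnameinfo returns. The shortcut also returns 0 without checking whether `host` or `serv` was truncated. A possible shape for the guard and the port conversion follows.

```c
	if ((flags & (NI_NUMERICHOST|NI_NUMERICSERV)) ==
	    (NI_NUMERICHOST|NI_NUMERICSERV) &&
	    sa->sa_family == AF_INET6 && salen >= sizeof(*sa6)) {
		/* … unchanged: sa6/a6 setup and the all-zeros test … */
			strlcpy(host, "::", hostlen);
			snprintf(serv, servlen, "%u", (unsigned)ntohs(sa6->sin6_port));
```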
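Review bot: The definition of sys_auth_passwd gains a third `Buffer *loginmsg` parameter in the hunk at -156, but no hunk in this attachment updates its prototype or its caller. The other two functions changed the same way, sys_auth_allowed_user and sys_auth_record_login, do have their port-aix.h prototypes and their call sites in auth.c and loginrec.c updated. If the declaration and the call live in files not included here, they need the matching change with `&loginmsg` passed as the third argument; otherwise the build fails or the password authentication path calls a three-argument function with two arguments. The body of sys_auth_passwd extends outside both of its hunks.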
>@@ -219,7 +247,7 @@ sys_auth_passwd(Authctxt *ctxt, const ch
> * Returns 1 if login is allowed, 0 if not allowed.
> */
> int
>-sys_auth_allowed_user(struct passwd *pw)
>+sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
> {
> char *msg = NULL;
> int result, permitted = 0;
>@@ -246,7 +274,7 @@ sys_auth_allowed_user(struct passwd *pw)
> if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
> permitted = 1;
> else if (msg != NULL)
>- buffer_append(&loginmsg, msg, strlen(msg));
>+ buffer_append(loginmsg, msg, strlen(msg));
> if (msg == NULL)
> msg = xstrdup("(none)");
> aix_remove_embedded_newlines(msg);
>@@ -259,7 +287,8 @@ sys_auth_allowed_user(struct passwd *pw)
> }
>
> int
>-sys_auth_record_login(const char *user, const char *host, const char *ttynm)
>+sys_auth_record_login(const char *user, const char *host, const char *ttynm,
>+ Buffer *loginmsg)
> {
> char *msg;
> int success = 0;
>@@ -269,7 +298,7 @@ sys_auth_record_login(const char *user,
> success = 1;
> if (msg != NULL) {
> debug("AIX/loginsuccess: msg %s", msg);
>- buffer_append(&loginmsg, msg, strlen(msg));
>+ buffer_append(loginmsg, msg, strlen(msg));
> xfree(msg);
> }
> }
>Index: openbsd-compat/port-aix.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
>retrieving revision 1.22
>diff -u -p -r1.22 port-aix.h
>--- openbsd-compat/port-aix.h 2 Feb 2005 06:10:11 -0000 1.22
>+++ openbsd-compat/port-aix.h 9 Feb 2005 06:54:24 -0000
>@@ -27,6 +27,10 @@
>
> #ifdef _AIX
>
>+#ifdef HAVE_SYS_SOCKET_H
>+# include <sys/socket.h>
>+#endif
>+
> #ifdef WITH_AIXAUTHENTICATE
> # include <login.h>
> # include <userpw.h>
>@@ -36,6 +40,8 @@
> # include <usersec.h>
> #endif
>
>+#include "buffer.h"
>+
> /* Some versions define r_type in the above headers, which causes a conflict */
> #ifdef r_type
> # undef r_type
>@@ -64,13 +70,23 @@ void aix_usrinfo(struct passwd *);
> #ifdef WITH_AIXAUTHENTICATE
> # define CUSTOM_SYS_AUTH_PASSWD 1
> # define CUSTOM_SYS_AUTH_ALLOWED_USER 1
>-int sys_auth_allowed_user(struct passwd *);
>+int sys_auth_allowed_user(struct passwd *, Buffer *);
> # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
>-int sys_auth_record_login(const char *, const char *, const char *);
>+int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
> # define CUSTOM_FAILED_LOGIN 1
> #endif
>
> void aix_setauthdb(const char *);
> void aix_restoreauthdb(void);
> void aix_remove_embedded_newlines(char *);
>+
>+#if defined(HAVE_GETNAMEINFO) && defined(AIX_GETNAMEINFO_HACK)
>+# ifdef getnameinfo
>+# undef getnameinfo
>+# endif
>+int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t,
>+ char *, size_t, int);
>+# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g))
>+#endif
>+
> #endif /* _AIX */
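Review bot: The `getnameinfo` function-like macro added at the end of port-aix.h only takes effect in translation units that include this header after the system's <netdb.h>. The `# ifdef getnameinfo` / `# undef getnameinfo` guard suggests the system header may itself define the name as a macro, in which case a later include of <netdb.h> would presumably replace or conflict with the wrapper and the all-zeros workaround would silently not apply. A comment above the block stating the required include order, e.g. `/* must follow <netdb.h>: redirects getnameinfo to the AIX wrapper */`, would make that dependency visible. The prototype uses `size_t` for the length arguments where the system declaration may use `socklen_t`; if that is deliberate it is worth a word in the same comment.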
Flags:
djm
:
ok+
Attachments on
bug 835
:
809
| 813