Bug 184

Summary: 3.1p1 openssh fails to build a working sshd on Trusted HP-UX 10.26
Product: Portable OpenSSH Reporter: Darren Cole <dcole>
Component: sshdAssignee: Kevin Steves <stevesk>
Status: CLOSED FIXED    
Severity: major CC: openssh-bugs
Priority: P2 Keywords: patch
Version: -current   
Hardware: HPPA   
OS: HP-UX   
Attachments:
Description Flags
better style (no c++ comments), and incorporation of suggestions
none
Patch for Fix Trusted HP-UX against current CVS (this morning 4-9-2002) none

Description Darren Cole 2002-03-26 08:46:35 AEDT 
sshd fails work when trying to build on Trusted HP-UX 10.26
----patch-----
diff -cr openssh-3.1p1.orig/acconfig.h openssh-3.1p1/acconfig.h
*** openssh-3.1p1.orig/acconfig.h	Tue Feb 26 16:40:49 2002
--- openssh-3.1p1/acconfig.h	Thu Mar 21 23:19:56 2002
***************
*** 222,227 ****
--- 222,229 ----
  
  /* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX -
<sigh/>) */
  #undef NEED_IN_SYSTM_H
+ /* Defined if on a Trusted HPUX system */
+ #undef TRUSTED_HPUX
  
  /* Define if you have an old version of PAM which takes only one argument */
  /* to pam_strerror */
diff -cr openssh-3.1p1.orig/auth2.c openssh-3.1p1/auth2.c
*** openssh-3.1p1.orig/auth2.c	Tue Feb 26 18:09:43 2002
--- openssh-3.1p1/auth2.c	Fri Mar 22 22:39:22 2002
***************
*** 23,28 ****
--- 23,32 ----
   */
  
  #include "includes.h"
+ #ifdef TRUSTED_HPUX
+ #include <sys/security.h>
+ #include <prot.h>
+ #endif
  RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
  
  #include <openssl/evp.h>
***************
*** 183,190 ****
--- 187,209 ----
  
  	if (authctxt->attempt++ == 0) {
  		/* setup auth context */
+ #ifdef TRUSTED_HPUX
+ 		struct pr_passwd *pr_pw = NULL;
+ #endif
  		struct passwd *pw = NULL;
  		pw = getpwnam(user);
+ 
+ #ifdef TRUSTED_HPUX
+ 		//Trusted HP-UX passwords are stored differently 
+ 		//you need to call getprpwnam to get the password for
+ 		//a user.
+ 		pr_pw = getprpwnam(pw->pw_name);
+ 		//This dies with a bus error, but isn't
+ 		//this a pointer that should be freed
+ 		//before we reassign?
+ 		//free(pw->pw_passwd);
+ 		pw->pw_passwd=pr_pw->ufld.fd_encrypt;
+ #endif
  		if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
  			authctxt->pw = pwcopy(pw);
  			authctxt->valid = 1;
Common subdirectories: openssh-3.1p1.orig/autom4te.cache and
openssh-3.1p1/autom4te.cache
diff -cr openssh-3.1p1.orig/configure.ac openssh-3.1p1/configure.ac
*** openssh-3.1p1.orig/configure.ac	Wed Feb 27 06:12:35 2002
--- openssh-3.1p1/configure.ac	Fri Mar 22 00:08:59 2002
***************
*** 80,85 ****
--- 80,100 ----
  *-*-darwin*)
  	AC_DEFINE(BROKEN_GETADDRINFO)
  	;;
+ *-*-hpux10.26)
+ 	if test -z "$GCC"; then
+ 		CFLAGS="$CFLAGS -Ae"
+ 	fi
+ 	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE
-D_XOPEN_SOURCE_EXTENDED=1"
+ 	IPADDR_IN_DISPLAY=yes
+ 	AC_DEFINE(USE_PIPES)
+ 	AC_DEFINE(TRUSTED_HPUX)
+ 	AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ 	AC_DEFINE(DISABLE_SHADOW)
+ 	AC_DEFINE(DISABLE_UTMP)
+ 	AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ 	LIBS="$LIBS -lxnet -lsec -lsecpw"
+ 	disable_ptmx_check=yes
+ 	;;
  *-*-hpux10*)
  	if test -z "$GCC"; then
  		CFLAGS="$CFLAGS -Ae"
***************
*** 1769,1780 ****
  fi
  
  if test -z "$no_dev_ptmx" ; then
! 	AC_CHECK_FILE("/dev/ptmx", 
! 		[
! 			AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
! 			have_dev_ptmx=1
! 		]
! 	)
  fi
  AC_CHECK_FILE("/dev/ptc", 
  	[
--- 1784,1797 ----
  fi
  
  if test -z "$no_dev_ptmx" ; then
! 	if test "x$disable_ptmx_check" != "xyes" ; then
! 		AC_CHECK_FILE("/dev/ptmx", 
! 			[
! 				AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
! 				have_dev_ptmx=1
! 			]
! 		)
! 	fi
  fi
  AC_CHECK_FILE("/dev/ptc", 
  	[
Common subdirectories: openssh-3.1p1.orig/contrib and openssh-3.1p1/contrib
Common subdirectories: openssh-3.1p1.orig/openbsd-compat and
openssh-3.1p1/openbsd-compat
Common subdirectories: openssh-3.1p1.orig/scard and openssh-3.1p1/scard
diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c
*** openssh-3.1p1.orig/session.c	Mon Feb 25 15:48:03 2002
--- openssh-3.1p1/session.c	Fri Mar 22 22:56:30 2002
***************
*** 1285,1291 ****
--- 1285,1297 ----
  #ifdef LOGIN_NEEDS_TERM
  		    (s->term ? s->term : "unknown"),
  #endif /* LOGIN_NEEDS_TERM */
+ #ifdef TRUSTED_HPUX
+ 			// the "--" makes login hang on Trusted HP-UX
+ 			// 10.26
+ 		    "-p", "-f", pw->pw_name, (char *)NULL);
+ #else
  		    "-p", "-f", "--", pw->pw_name, (char *)NULL);
+ #endif
  
  		/* Login couldn't be executed, die. */
  
***************
*** 1736,1741 ****
--- 1742,1757 ----
  	 */
  	if (c->ostate != CHAN_OUTPUT_CLOSED)
  		chan_write_failed(c);
+ #ifdef TRUSTED_HPUX
+ 	//Took two lines from a patch at:
+ 	//	<http://www.math.ualberta.ca/imaging/snfs/>
+ 	//by John C. Bowman
+ 	//There is some speculation that you could possibly
+ 	//see data loss from this on usenet.  But without
+ 	//this sshd does not exit on logout.
+ 	if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
+ 		chan_read_failed(c);
+ #endif
  	s->chanid = -1;
  }
  
diff -cr openssh-3.1p1.orig/sshd.c openssh-3.1p1/sshd.c
*** openssh-3.1p1.orig/sshd.c	Tue Mar  5 01:31:30 2002
--- openssh-3.1p1/sshd.c	Fri Mar 22 22:32:56 2002
***************
*** 45,50 ****
--- 45,54 ----
  #include <openssl/dh.h>
  #include <openssl/bn.h>
  #include <openssl/md5.h>
+ //Trusted HP-UX
+ #include <sys/security.h>
+ #include <prot.h>
+ //end Trusted HP-UX
  
  #include "ssh.h"
  #include "ssh1.h"
***************
*** 596,601 ****
--- 600,610 ----
  	int startups = 0;
  	Key *key;
  	int ret, key_used = 0;
+ #ifdef TRUSTED_HPUX
+ 	//This call is needed for getprpwnam in auth2.c
+ 	//to initialize the security system for Trusted HP-UX
+ 	set_auth_parameters(ac, av);
+ #endif
  
  	__progname = get_progname(av[0]);
  	init_rng();
Comment 1 Darren Cole 2002-04-04 08:10:24 AEST 
Created attachment 60 [details]
better style (no c++ comments), and incorporation of suggestions
Comment 2 Kevin Steves 2002-04-07 22:03:10 AEST 
this already exists in HAVE_SCO_PROTECTED_PW.
this should probably be changed to use #ifdef SecureWare.
prefer to see error checking on set_auth_parameters().
we probably want BROKEN_LOGIN for login that can't handle "--".
didn't look at configure much right now.
Comment 3 Darren Cole 2002-04-10 05:46:41 AEST 
good idea, changed HAVE_SCO_PROTECTED_PW to HAVE_SECUREWARE_PW
BROKEN_LOGIN for login's that can't handle "--"
set_auth_parameters doesn't have a return value (it just exits the who program
on errors)
Left in TRUSTED_HPUX ifdef for hang on exit fix (Trusted HPUX hangs every time,
even if the only command typed in after logging in was exit).  Better ways to
fix this welcome.
The patch will be attached shortly.  Comments welcome.
Comment 4 Darren Cole 2002-04-10 05:50:26 AEST 
Created attachment 67 [details]
Patch for Fix Trusted HP-UX against current CVS (this morning 4-9-2002)
Comment 5 Kevin Steves 2002-04-26 04:18:34 AEST 
applied modified patch
Comment 6 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED