Bug 261

Summary: AIX capabilities + port-aix.c cleanup
Product: Portable OpenSSH Reporter: Jan-Frode Myklebust <janfrode>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: Other   
OS: AIX   
Attachments:
Description Flags
Add extra params to setpcred and setpenv
none
Merge three previous patches.
none
removed setpenv call
none
Would the following be acceptable version of this patch? none

Description Jan-Frode Myklebust 2002-05-31 20:00:33 AEST 
OpenSSH isn't setting the AIX capabilities correctly, so I had a look into
fixing this. It looks to me like port-aix.c could be simplified by removing all
setrlimit() calls and instead use the AIX functions setpcred()/setpenv() to set
up the user environment. They are documented in

   http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/setpcred.htm
   http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/setpenv.htm

Please consider applying the following patches so that we can use OpenSSH to run
jobs on large page enabled AIX systems. The patches have been tested on AIX
5.1D, but according to my IBM contacts also AIX 4 uses these functions for
setting up the login environment.

   http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102266568505721&q=p4
   http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102266568505721&q=p3


   -jf
Comment 1 Darren Tucker 2002-06-06 21:22:03 AEST 
I finally got a chance to try this. I got compile errors with gcc on AIX 4.2.1 
and 4.3.3.

gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. 
-I/usr/local/include -DHAVE_CONFIG_H -c port-aix.c
port-aix.c: In function `set_limits_from_userattr':
port-aix.c:35: too few arguments to function `setpcred'
port-aix.c:36: too few arguments to function `setpenv'

The following patch works for me.
Comment 2 Darren Tucker 2002-06-06 21:25:57 AEST 
Created attachment 107 [details]
Add extra params to setpcred and setpenv
Comment 3 Darren Tucker 2002-06-07 17:55:29 AEST 
Created attachment 109 [details]
Merge three previous patches.
Comment 4 Jan-Frode Myklebust 2002-06-07 19:53:56 AEST 
Created attachment 110 [details]
removed setpenv call
Comment 5 Jan-Frode Myklebust 2002-06-07 19:55:27 AEST 
Two things...

We should probably fail if it fails:

        if (setpcred (user, NULL))
                fatal("Failed to set AIX process credentials.");

and I'm a bit uncertain about the call to setpenv(). I think it does a
bit too much, and with the PENV_INIT it breaks sftp and it doesn't
manage to set the TERM correctly . The effect of calling setpenv() is
that various user environment variables are set up _and_ the user is
given his shell. I think we should just remove the call to setpenv().

Fixed patch attachment above this message..


  -jf
Comment 6 Ben Lindstrom 2002-06-08 00:51:56 AEST 
I'd like to make a single commit to resolve this.  Can someone at IBM or 
someone verify this is the correct way to resolve the code?


- Ben
Comment 7 Denise Genty 2002-06-14 05:34:13 AEST 
I investigated the use of setpcred().  This call is what should be used in 
port-aix.c.  The setpenv() should not be used.
Comment 8 Ben Lindstrom 2002-06-14 05:55:41 AEST 
Created attachment 114 [details]
Would the following be acceptable version of this patch?
Comment 9 Darren Tucker 2002-06-15 23:33:32 AEST 
Worked on my test box (AIX 4.3.3). Patch had HTML LT/GT mangling and missing 
line continuation in configure.ac which required fixing by hand.

+       setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
+       socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
+       truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
Comment 10 Ben Lindstrom 2002-06-21 10:03:06 AEST 
Commited fix.
Comment 11 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED