When compiling ssh on an older Linux system with a 2.0 kernel and libc5, compile errors arise because configure erroneously defines HAVE_CONTROL_IN_MSGHDR in config.h. This results in undefined references: ./libssh.a(monitor_fdpass.o): In function `mm_send_fd': /Packages/ssh/openssh-3.4p1/monitor_fdpass.c:54: undefined reference to `CMSG_FIRSTHDR' /Packages/ssh/openssh-3.4p1/monitor_fdpass.c:58: undefined reference to `CMSG_DATA' ./libssh.a(monitor_fdpass.o): In function `mm_receive_fd': /Packages/ssh/openssh-3.4p1/monitor_fdpass.c:114: undefined reference to `CMSG_FIRSTHDR' /Packages/ssh/openssh-3.4p1/monitor_fdpass.c:118: undefined reference to `CMSG_DATA' make: *** [ssh] Error 1 Commenting out the line /* #define HAVE_CONTROL_IN_MSGHDR 1 */ results in a working version, although PrivilegeSeparation does not work then and you have to disable it in the config file.
Please post the section of your config.log where it is doing the msghdr tests.
configure:13893: checking for msg_accrights field in struct msghdr configure:13922: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno- uninitialized -I/usr/local/ssl /include -L/usr/local/ssl/lib conftest.c -lbsd -lz -lcrypto >&5 configure: In function `main': configure:13914: structure has no member named `msg_accrights' configure:13925: $? = 1 configure: program exited with status 1 configure: failed program was: #line 13904 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/socket.h> #include <sys/uio.h> int main() { #ifdef msg_accrights exit(1); #endif struct msghdr m; m.msg_accrights = 0; exit(0); } configure:13945: result: no configure:13954: checking for msg_control field in struct msghdr configure:13983: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno- uninitialized -I/usr/local/ssl /include -L/usr/local/ssl/lib conftest.c -lbsd -lz -lcrypto >&5 ac_cv_have_accrights_in_msghdr=no ac_cv_have_clock_t=yes ac_cv_have_control_in_msghdr=yes #define HAVE_CONTROL_IN_MSGHDR 1
I think that this was fixed in CVS recently: - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels, privsep should now work.
Actually, I think this is a different problem to bug #544 but I've also had reports of libc5 working with recent OpenSSH versions. Anyway, please try a snapshot and re-open this is not fixed.
I've had a report from Dr. Oliver Schurr that this is still a problem with (at least) libc5 v5.4.46.
Created attachment 308 [details] Add check for CMSG_FIRSTHDR to configure Please try the attached patch. You will need to run "autoreconf" to rebuild configure. Style question: is it OK to combine the tests like this (perhaps expanding on the comment) or should I add another AC_TRY_RUN()?
Probably best as two tests (we need to rework configure significantly though)
Created attachment 344 [details] Add CMSG_DATA and CMSG_FIRSTHDR macros to monitor_fdpass.h It seems that the kernel capabilities are there it's just the macros are missing. How about stealing the macros from OpenBSD rather the messing with configure? Then privsep might even work on those Linux/libc5 boxes. Anyone care to test this? I don't have an old enough Linux...
Created attachment 365 [details] Make OpenSSH work on old Linuxes Found a really old redhat CD and installed it on my test machine.... # uname -r 1.2.13 # rpm -q libc libc-5.2.18-1 The patch changes: session.c: only does session_break_req if TIOCSBRK is defined. bsd-misc.h: adds CMSG_DATA and CMSG_FIRSTHDR macros (stolen from OpenBSD). canohost.c: only does check_ip_options if IP_OPTIONS is defined. Everything appears to work OK apart from PrivSep (because mmap seems terminally broken). With a newer kernel with a working mmap, PrivSep might even work. Anyone complaining about older systems is on their own :-). Anything objectionable in this patch?
The patchs looks good, except I think that the definitions added to bsd-misc.h should instead go to defines.h
OK, have moved the CMSG_* macros to defines.h, eliminated MY_ALIGN(), re-tested and committed. If you want to try it, grab tomorrow's snapshot from: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/
Mass change of RESOLVED bugs to CLOSED