Attachment 67 Details for Bug 184 – Patch for Fix Trusted HP-UX against current CVS (this morning 4-9-2002)

[patch] Patch for Fix Trusted HP-UX against current CVS (this morning 4-9-2002)

openssh-CVS-hpux-submitted3.patch (text/plain), 9.48 KB, created by Darren Cole on 2002-04-10 05:50:26 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Darren Cole

Created: 2002-04-10 05:50:26 AEST

Size: 9.48 KB

patch

obsolete

>diff -cr openssh.orig/acconfig.h openssh/acconfig.h
>*** openssh.orig/acconfig.h	Sun Apr  7 19:22:54 2002
>--- openssh/acconfig.h	Tue Apr  9 19:06:15 2002
>***************
>*** 16,22 ****
>  #undef BROKEN_SYS_TERMIO_H
>  
>  /* Define if you have SCO protected password database */
>! #undef HAVE_SCO_PROTECTED_PW
>  
>  /* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
>  /* from environment and PATH */
>--- 16,22 ----
>  #undef BROKEN_SYS_TERMIO_H
>  
>  /* Define if you have SCO protected password database */
>! #undef HAVE_SECUREWARE_PW
>  
>  /* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
>  /* from environment and PATH */
>***************
>*** 165,170 ****
>--- 165,173 ----
>  /* Some versions of /bin/login need the TERM supplied on the commandline */
>  #undef LOGIN_NEEDS_TERM
>  
>+ /* Define if your login program hangs when launch with a "--" (HPUX 10.26) */
>+ #undef BROKEN_LOGIN
>+ 
>  /* Define if you want to specify the path to your lastlog file */
>  #undef CONF_LASTLOG_FILE
>  
>***************
>*** 236,241 ****
>--- 239,246 ----
>  
>  /* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX - <sigh/>) */
>  #undef NEED_IN_SYSTM_H
>+ /* Defined if on a Trusted HPUX system */
>+ #undef TRUSTED_HPUX
>  
>  /* Define if you have an old version of PAM which takes only one argument */
>  /* to pam_strerror */
>diff -cr openssh.orig/auth-passwd.c openssh/auth-passwd.c
>*** openssh.orig/auth-passwd.c	Thu Apr  4 19:02:28 2002
>--- openssh/auth-passwd.c	Tue Apr  9 19:08:34 2002
>***************
>*** 55,65 ****
>  #  include <hpsecurity.h>
>  #  include <prot.h>
>  # endif
>! # ifdef HAVE_SCO_PROTECTED_PW
>  #  include <sys/security.h>
>  #  include <sys/audit.h>
>  #  include <prot.h>
>! # endif /* HAVE_SCO_PROTECTED_PW */
>  # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
>  #  include <shadow.h>
>  # endif
>--- 55,65 ----
>  #  include <hpsecurity.h>
>  #  include <prot.h>
>  # endif
>! # ifdef HAVE_SECUREWARE_PW
>  #  include <sys/security.h>
>  #  include <sys/audit.h>
>  #  include <prot.h>
>! # endif /* HAVE_SECUREWARE_PW */
>  # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
>  #  include <shadow.h>
>  # endif
>***************
>*** 102,113 ****
>  	char *encrypted_password;
>  	char *pw_password;
>  	char *salt;
>! #ifdef __hpux
>  	struct pr_passwd *spw;
>  #endif
>! #ifdef HAVE_SCO_PROTECTED_PW
>  	struct pr_passwd *spw;
>! #endif /* HAVE_SCO_PROTECTED_PW */
>  #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
>  	struct spwd *spw;
>  #endif
>--- 102,113 ----
>  	char *encrypted_password;
>  	char *pw_password;
>  	char *salt;
>! #if defined(__hpux) && !defined(HAVE_SECUREWARE_PW)
>  	struct pr_passwd *spw;
>  #endif
>! #ifdef HAVE_SECUREWARE_PW
>  	struct pr_passwd *spw;
>! #endif /* HAVE_SECUREWARE_PW */
>  #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
>  	struct spwd *spw;
>  #endif
>***************
>*** 183,193 ****
>  		pw_password = spw->sp_pwdp;
>  #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
>  
>! #ifdef HAVE_SCO_PROTECTED_PW
>  	spw = getprpwnam(pw->pw_name);
>  	if (spw != NULL)
>  		pw_password = spw->ufld.fd_encrypt;
>! #endif /* HAVE_SCO_PROTECTED_PW */
>  
>  #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
>  	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
>--- 183,193 ----
>  		pw_password = spw->sp_pwdp;
>  #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
>  
>! #ifdef HAVE_SECUREWARE_PW
>  	spw = getprpwnam(pw->pw_name);
>  	if (spw != NULL)
>  		pw_password = spw->ufld.fd_encrypt;
>! #endif /* HAVE_SECUREWARE_PW */
>  
>  #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
>  	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
>***************
>*** 194,200 ****
>  		pw_password = spw->pwa_passwd;
>  #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
>  
>! #if defined(__hpux)
>  	if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
>  		pw_password = spw->ufld.fd_encrypt;
>  #endif /* defined(__hpux) */
>--- 194,200 ----
>  		pw_password = spw->pwa_passwd;
>  #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
>  
>! #if defined(__hpux) && !defined(HAVE_SECUREWARE_PW)
>  	if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
>  		pw_password = spw->ufld.fd_encrypt;
>  #endif /* defined(__hpux) */
>***************
>*** 214,230 ****
>  	else
>  		encrypted_password = crypt(password, salt);
>  #else /* HAVE_MD5_PASSWORDS */
>! # ifdef __hpux
>  	if (iscomsec())
>  		encrypted_password = bigcrypt(password, salt);
>  	else
>  		encrypted_password = crypt(password, salt);
>  # else
>! #  ifdef HAVE_SCO_PROTECTED_PW
>  	encrypted_password = bigcrypt(password, salt);
>  #  else
>  	encrypted_password = crypt(password, salt);
>! #  endif /* HAVE_SCO_PROTECTED_PW */
>  # endif /* __hpux */
>  #endif /* HAVE_MD5_PASSWORDS */
>  
>--- 214,230 ----
>  	else
>  		encrypted_password = crypt(password, salt);
>  #else /* HAVE_MD5_PASSWORDS */
>! # if defined(__hpux) && !defined(HAVE_SECUREWARE_PW)
>  	if (iscomsec())
>  		encrypted_password = bigcrypt(password, salt);
>  	else
>  		encrypted_password = crypt(password, salt);
>  # else
>! #  ifdef HAVE_SECUREWARE_PW
>  	encrypted_password = bigcrypt(password, salt);
>  #  else
>  	encrypted_password = crypt(password, salt);
>! #  endif /* HAVE_SECUREWARE_PW */
>  # endif /* __hpux */
>  #endif /* HAVE_MD5_PASSWORDS */
>  
>diff -cr openssh.orig/configure.ac openssh/configure.ac
>*** openssh.orig/configure.ac	Mon Apr  8 18:37:09 2002
>--- openssh/configure.ac	Tue Apr  9 19:09:30 2002
>***************
>*** 79,84 ****
>--- 79,101 ----
>  *-*-darwin*)
>  	AC_DEFINE(BROKEN_GETADDRINFO)
>  	;;
>+ *-*-hpux10.26)
>+ 	if test -z "$GCC"; then
>+ 		CFLAGS="$CFLAGS -Ae"
>+ 	fi
>+ 	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
>+ 	IPADDR_IN_DISPLAY=yes
>+ 	AC_DEFINE(HAVE_SECUREWARE_PW)
>+ 	AC_DEFINE(USE_PIPES)
>+ 	AC_DEFINE(BROKEN_LOGIN)
>+ 	AC_DEFINE(TRUSTED_HPUX)
>+ 	AC_DEFINE(LOGIN_NEEDS_UTMPX)
>+ 	AC_DEFINE(DISABLE_SHADOW)
>+ 	AC_DEFINE(DISABLE_UTMP)
>+ 	AC_DEFINE(SPT_TYPE,SPT_PSTAT)
>+ 	LIBS="$LIBS -lxnet -lsec -lsecpw"
>+ 	disable_ptmx_check=yes
>+ 	;;
>  *-*-hpux10*)
>  	if test -z "$GCC"; then
>  		CFLAGS="$CFLAGS -Ae"
>***************
>*** 217,223 ****
>  	no_dev_ptmx=1
>  	AC_DEFINE(BROKEN_SYS_TERMIO_H)
>  	AC_DEFINE(USE_PIPES)
>! 	AC_DEFINE(HAVE_SCO_PROTECTED_PW)
>  	AC_DEFINE(DISABLE_SHADOW)
>  	AC_DEFINE(BROKEN_SAVED_UIDS)
>  	AC_CHECK_FUNCS(getluid setluid)
>--- 234,240 ----
>  	no_dev_ptmx=1
>  	AC_DEFINE(BROKEN_SYS_TERMIO_H)
>  	AC_DEFINE(USE_PIPES)
>! 	AC_DEFINE(HAVE_SECUREWARE_PW)
>  	AC_DEFINE(DISABLE_SHADOW)
>  	AC_DEFINE(BROKEN_SAVED_UIDS)
>  	AC_CHECK_FUNCS(getluid setluid)
>***************
>*** 231,237 ****
>  	no_dev_ptmx=1
>  	rsh_path="/usr/bin/rcmd"
>  	AC_DEFINE(USE_PIPES)
>! 	AC_DEFINE(HAVE_SCO_PROTECTED_PW)
>  	AC_DEFINE(DISABLE_SHADOW)
>  	AC_CHECK_FUNCS(getluid setluid)
>  	MANTYPE=man
>--- 248,254 ----
>  	no_dev_ptmx=1
>  	rsh_path="/usr/bin/rcmd"
>  	AC_DEFINE(USE_PIPES)
>! 	AC_DEFINE(HAVE_SECUREWARE_PW)
>  	AC_DEFINE(DISABLE_SHADOW)
>  	AC_CHECK_FUNCS(getluid setluid)
>  	MANTYPE=man
>***************
>*** 1874,1885 ****
>  fi
>  
>  if test -z "$no_dev_ptmx" ; then
>! 	AC_CHECK_FILE("/dev/ptmx", 
>! 		[
>! 			AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
>! 			have_dev_ptmx=1
>! 		]
>! 	)
>  fi
>  AC_CHECK_FILE("/dev/ptc", 
>  	[
>--- 1891,1904 ----
>  fi
>  
>  if test -z "$no_dev_ptmx" ; then
>! 	if test "x$disable_ptmx_check" != "xyes" ; then
>! 		AC_CHECK_FILE("/dev/ptmx", 
>! 			[
>! 				AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
>! 				have_dev_ptmx=1
>! 			]
>! 		)
>! 	fi
>  fi
>  AC_CHECK_FILE("/dev/ptc", 
>  	[
>diff -cr openssh.orig/session.c openssh/session.c
>*** openssh.orig/session.c	Tue Apr  2 20:35:38 2002
>--- openssh/session.c	Tue Apr  9 18:52:07 2002
>***************
>*** 1117,1123 ****
>--- 1117,1128 ----
>  #ifdef xxxLOGIN_NEEDS_TERM
>                      (s->term ? s->term : "unknown"),
>  #endif /* LOGIN_NEEDS_TERM */
>+ #ifdef BROKEN_LOGIN
>+ 			/* The "--" makes login hang on Trusted HP-UX 10.26 */
>+ 			"-p", "-f", pw->pw_name, (char *)NULL);
>+ #else
>  	    "-p", "-f", "--", pw->pw_name, (char *)NULL);
>+ #endif
>  
>  	/* Login couldn't be executed, die. */
>  
>***************
>*** 1727,1732 ****
>--- 1732,1749 ----
>  	 */
>  	if (c->ostate != CHAN_OUTPUT_CLOSED)
>  		chan_write_failed(c);
>+ #ifdef TRUSTED_HPUX
>+ 	/*
>+ 	 * Took two lines from a patch at:
>+ 	 *	<http://www.math.ualberta.ca/imaging/snfs/>
>+ 	 * by John C. Bowman
>+ 	 * There is some speculation that you could possibly
>+ 	 * see data loss from this on usenet.  But without
>+ 	 * this sshd does not exit on logout.
>+ 	 */
>+ 	if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN)
>+ 		chan_read_failed(c);
>+ #endif
>  	s->chanid = -1;
>  }
>  
>diff -cr openssh.orig/sshd.c openssh/sshd.c
>*** openssh.orig/sshd.c	Tue Apr  2 20:48:20 2002
>--- openssh/sshd.c	Tue Apr  9 19:12:36 2002
>***************
>*** 47,53 ****
>  #include <openssl/dh.h>
>  #include <openssl/bn.h>
>  #include <openssl/md5.h>
>! #include <openssl/rand.h>
>  
>  #include "ssh.h"
>  #include "ssh1.h"
>--- 47,56 ----
>  #include <openssl/dh.h>
>  #include <openssl/bn.h>
>  #include <openssl/md5.h>
>! #ifdef HAVE_SECUREWARE_PW
>! #include <sys/security.h>
>! #include <prot.h>
>! #endif
>  
>  #include "ssh.h"
>  #include "ssh1.h"
>***************
>*** 785,790 ****
>--- 788,797 ----
>  	Key *key;
>  	int ret, key_used = 0;
>  
>+ #ifdef HAVE_SECUREWARE_PW
>+ 	(void) set_auth_parameters(ac, av);
>+ #endif
>+ 
>  	__progname = get_progname(av[0]);
>  	init_rng();
>  
>***************
>*** 996,1005 ****
>  	/* Configuration looks good, so exit if in test mode. */
>  	if (test_flag)
>  		exit(0);
>- 
>- #ifdef HAVE_SCO_PROTECTED_PW
>- 	(void) set_auth_parameters(ac, av);
>- #endif
>  
>  	/* Initialize the log (it is reinitialized below in case we forked). */
>  	if (debug_flag && !inetd_flag)
>--- 1003,1008 ----

Actions: View | Diff

Attachments on bug 184: 60 | 67