sshd fails work when trying to build on Trusted HP-UX 10.26 ----patch----- diff -cr openssh-3.1p1.orig/acconfig.h openssh-3.1p1/acconfig.h *** openssh-3.1p1.orig/acconfig.h Tue Feb 26 16:40:49 2002 --- openssh-3.1p1/acconfig.h Thu Mar 21 23:19:56 2002 *************** *** 222,227 **** --- 222,229 ---- /* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX - <sigh/>) */ #undef NEED_IN_SYSTM_H + /* Defined if on a Trusted HPUX system */ + #undef TRUSTED_HPUX /* Define if you have an old version of PAM which takes only one argument */ /* to pam_strerror */ diff -cr openssh-3.1p1.orig/auth2.c openssh-3.1p1/auth2.c *** openssh-3.1p1.orig/auth2.c Tue Feb 26 18:09:43 2002 --- openssh-3.1p1/auth2.c Fri Mar 22 22:39:22 2002 *************** *** 23,28 **** --- 23,32 ---- */ #include "includes.h" + #ifdef TRUSTED_HPUX + #include <sys/security.h> + #include <prot.h> + #endif RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $"); #include <openssl/evp.h> *************** *** 183,190 **** --- 187,209 ---- if (authctxt->attempt++ == 0) { /* setup auth context */ + #ifdef TRUSTED_HPUX + struct pr_passwd *pr_pw = NULL; + #endif struct passwd *pw = NULL; pw = getpwnam(user); + + #ifdef TRUSTED_HPUX + //Trusted HP-UX passwords are stored differently + //you need to call getprpwnam to get the password for + //a user. + pr_pw = getprpwnam(pw->pw_name); + //This dies with a bus error, but isn't + //this a pointer that should be freed + //before we reassign? + //free(pw->pw_passwd); + pw->pw_passwd=pr_pw->ufld.fd_encrypt; + #endif if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) { authctxt->pw = pwcopy(pw); authctxt->valid = 1; Common subdirectories: openssh-3.1p1.orig/autom4te.cache and openssh-3.1p1/autom4te.cache diff -cr openssh-3.1p1.orig/configure.ac openssh-3.1p1/configure.ac *** openssh-3.1p1.orig/configure.ac Wed Feb 27 06:12:35 2002 --- openssh-3.1p1/configure.ac Fri Mar 22 00:08:59 2002 *************** *** 80,85 **** --- 80,100 ---- *-*-darwin*) AC_DEFINE(BROKEN_GETADDRINFO) ;; + *-*-hpux10.26) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -Ae" + fi + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" + IPADDR_IN_DISPLAY=yes + AC_DEFINE(USE_PIPES) + AC_DEFINE(TRUSTED_HPUX) + AC_DEFINE(LOGIN_NEEDS_UTMPX) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(SPT_TYPE,SPT_PSTAT) + LIBS="$LIBS -lxnet -lsec -lsecpw" + disable_ptmx_check=yes + ;; *-*-hpux10*) if test -z "$GCC"; then CFLAGS="$CFLAGS -Ae" *************** *** 1769,1780 **** fi if test -z "$no_dev_ptmx" ; then ! AC_CHECK_FILE("/dev/ptmx", ! [ ! AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) ! have_dev_ptmx=1 ! ] ! ) fi AC_CHECK_FILE("/dev/ptc", [ --- 1784,1797 ---- fi if test -z "$no_dev_ptmx" ; then ! if test "x$disable_ptmx_check" != "xyes" ; then ! AC_CHECK_FILE("/dev/ptmx", ! [ ! AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) ! have_dev_ptmx=1 ! ] ! ) ! fi fi AC_CHECK_FILE("/dev/ptc", [ Common subdirectories: openssh-3.1p1.orig/contrib and openssh-3.1p1/contrib Common subdirectories: openssh-3.1p1.orig/openbsd-compat and openssh-3.1p1/openbsd-compat Common subdirectories: openssh-3.1p1.orig/scard and openssh-3.1p1/scard diff -cr openssh-3.1p1.orig/session.c openssh-3.1p1/session.c *** openssh-3.1p1.orig/session.c Mon Feb 25 15:48:03 2002 --- openssh-3.1p1/session.c Fri Mar 22 22:56:30 2002 *************** *** 1285,1291 **** --- 1285,1297 ---- #ifdef LOGIN_NEEDS_TERM (s->term ? s->term : "unknown"), #endif /* LOGIN_NEEDS_TERM */ + #ifdef TRUSTED_HPUX + // the "--" makes login hang on Trusted HP-UX + // 10.26 + "-p", "-f", pw->pw_name, (char *)NULL); + #else "-p", "-f", "--", pw->pw_name, (char *)NULL); + #endif /* Login couldn't be executed, die. */ *************** *** 1736,1741 **** --- 1742,1757 ---- */ if (c->ostate != CHAN_OUTPUT_CLOSED) chan_write_failed(c); + #ifdef TRUSTED_HPUX + //Took two lines from a patch at: + // <http://www.math.ualberta.ca/imaging/snfs/> + //by John C. Bowman + //There is some speculation that you could possibly + //see data loss from this on usenet. But without + //this sshd does not exit on logout. + if (s->ttyfd != -1 && c->istate == CHAN_INPUT_OPEN) + chan_read_failed(c); + #endif s->chanid = -1; } diff -cr openssh-3.1p1.orig/sshd.c openssh-3.1p1/sshd.c *** openssh-3.1p1.orig/sshd.c Tue Mar 5 01:31:30 2002 --- openssh-3.1p1/sshd.c Fri Mar 22 22:32:56 2002 *************** *** 45,50 **** --- 45,54 ---- #include <openssl/dh.h> #include <openssl/bn.h> #include <openssl/md5.h> + //Trusted HP-UX + #include <sys/security.h> + #include <prot.h> + //end Trusted HP-UX #include "ssh.h" #include "ssh1.h" *************** *** 596,601 **** --- 600,610 ---- int startups = 0; Key *key; int ret, key_used = 0; + #ifdef TRUSTED_HPUX + //This call is needed for getprpwnam in auth2.c + //to initialize the security system for Trusted HP-UX + set_auth_parameters(ac, av); + #endif __progname = get_progname(av[0]); init_rng();
Created attachment 60 [details] better style (no c++ comments), and incorporation of suggestions
this already exists in HAVE_SCO_PROTECTED_PW. this should probably be changed to use #ifdef SecureWare. prefer to see error checking on set_auth_parameters(). we probably want BROKEN_LOGIN for login that can't handle "--". didn't look at configure much right now.
good idea, changed HAVE_SCO_PROTECTED_PW to HAVE_SECUREWARE_PW BROKEN_LOGIN for login's that can't handle "--" set_auth_parameters doesn't have a return value (it just exits the who program on errors) Left in TRUSTED_HPUX ifdef for hang on exit fix (Trusted HPUX hangs every time, even if the only command typed in after logging in was exit). Better ways to fix this welcome. The patch will be attached shortly. Comments welcome.
Created attachment 67 [details] Patch for Fix Trusted HP-UX against current CVS (this morning 4-9-2002)
applied modified patch
Mass change of RESOLVED bugs to CLOSED