OpenSSH 3.3p1 fails on AIX5.1 with UsePrivilegeSeparation enabled. If the server is running with '-d' the client prints /etc/motd and then dies with the message:
    Couldn't set usrinfo: Operation not permitted.
    debug1: Calling cleanup 0x2002a5ec(0x20032b58)
    debug1: Calling cleanup 0x2002a430(0x0)
    Connection to en closed by remote host.
    Connection to en closed.
Commenting out:
    if (usrinfo(SETUINFO, cp, i) == -1)
        fatal("Couldn't set usrinfo: %s", strerror(errno));
from openbsd-compat/port-aix.c
The man-page for usrinfo() states that:
    "EPERM The Command parameter is set to SETUINFO, and the calling process does not have root user authority."
so I'm guessing the privilege separated OpenSSH tries to call this as a normal user (or the sshd user?).
-jf
hmm, I lost part of a sentence there.. I meant to say that commenting out:
    if (usrinfo(SETUINFO, cp, i) == -1)
        fatal("Couldn't set usrinfo: %s", strerror(errno));
from openbsd-compat/port-aix.c makes sshd function with UsePrivilegeSeparation enabled.
Can I get a manpage for usrinfo()? I know I've seen it before but I have to see why we are doing it and what privsep stuff may have to be wrapped around it.
http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/usrinfo.htm
Created attachment 117: Manpage for AIX usrinfo(). Needed to set up proper user context for some legacy AIX applications.
The fix for this was just committed to CVS by Ben:
    $ cvs log session.c
    [snip]
    revision 1.205
    date: 2002/06/25 17:12:27; author: mouring; state: Exp; lines: +6 -3
    20020626 - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by dtucker@zip.com.au
    [snip]
Be aware that this will now set TTY to a null value in the system environment (use "setsenv" to view). It's possible that this will cause problems with "legacy" apps but there are no known cases at the moment.
*** Bug 270 has been marked as a duplicate of this bug. ***
Mass change of RESOLVED bugs to CLOSED