sshd of openssh-3.8p1 doesn't link. Linking worked on all prior versions of openssh. OS: Tru64 (OSF/1) 4.0f Symptom: gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/staff/tcp_wrappers/src -s -Wl,-rpath,/usr/local/ssl/lib:/vol/gnu/lib -lssh -lopenbsd-compat -lwrap -lcrypto -lrt -lz -lsecurity -ldb -lm -laud ld: Unresolved: xcrypt shadow_pw collect2: ld returned 1 exit status At least shadow_pw doesn't exist in any library that comes with Tru64 (didn't check for xcrypt). The symptoms don't change when I add or omit the --with-osfsia configure option. Looking at auth-passwd.c of 3.8p1 and 3.7.1p2 showed that adding the option --with-cflags=-DCUSTOM_SYS_AUTH_PASSWD to configure could help on 3.8p1. And indeed, it does help. sshd now links and runs correctly. But I don't know if this is the correct solution or just a work-around.
both of these fuctions are in openbsd-compat/xcrypt.c It is wrapped around a !HAVE_OSF_SIA Some research would have to be done to find if this is still required anymore. If you remove the "#if !defined(HAVE_OSF_SIA)" near the top of the xcrypt.c file and the "endif /* !defined(HAVE_OSF_SIA) */" Does the problem also go away? And do you still have a working sshd? - Ben
I commented out the "#if !defined(HAVE_OSF_SIA)" in openbsd-compat/xcrypt.c. Then I reran configure (without the --with-cflags option) and make. sshd links fine and it works o.k. Now we have 2 possible solutions (or work-arounds?).
Created attachment 554 [details] More correct SIA fix. After Looking at the coding cleanup I realized that we were a too harsh. If SIA is detected the rest of the code after it is garbage that is never called.
Created attachment 555 [details] Move osf auth to auth-sia.c I'd rather see the OSF SIA specific bits banished entirely to auth-sia.c, like so.
Darren's is better. Assuming we never trigger KRB5/SHADOW stuff with SIA enabled. Maybe as a separate patch we may want to consider ensuring they are never set together.
Created attachment 556 [details] Move sys_auth_password for OSF SIA to auth-sia.c Attempt 2. Undef's USE_SHADOW if OSF SIA is enabled. I left KRB5 alone since it must me enabled manually at configure time. ALso, I think removing the "#if !defined(HAVE_OSF_SIA)" from xcrypt.c is safe, because it only ends up in libopenbsd-compat.a, and if it's not used by sshd it won't get linked in anyway.
Comment on attachment 556 [details] Move sys_auth_password for OSF SIA to auth-sia.c Looks OK, for both trunk and V_3_8 branch
Created attachment 558 [details] Move sys_auth_passwd for OSF SIA to auth-sia.c Correction: sys_auth_password -> sys_auth_passwd
With the attachment 558 [details] the sshd of openssh-3.8p1 now compiles, links, and works fine for me on Tru64. Thanks to all who helped.
Patch applied, thanks for the report.
*** Bug 807 has been marked as a duplicate of this bug. ***
*** Bug 814 has been marked as a duplicate of this bug. ***
This will be in 3.8.1p1 too.
Closed with release of portable OpenSSH 3.8.1p1