The recent patch posted by Steve VanDevender <stevev at
darkwing.uoregon.edu>
for fixing the session code on Tru64 isn't quite right -- it still fails
in the case of NO tty being allocated.
The problem is that s->tty is a char[TTYSZ] rather than a char *, and
hence can't hold a NULL. Calling sia_ses_init() with the tty being an
empty string doesn't signify no tty, and hence will cause a failure. The
"no tty" case should have tty passed as NULL.
One possible fix for this is to change the call to sia_ses_init from:
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
NULL) != SIASUCCESS)
to:
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user,
tty[0] ? tty : NULL, 0, NULL) != SIASUCCESS)
However, I'm not convinced that tty won't be some random value here if
session structure has been used before, since s->tty isn't zeroed in
session_new(). Thus you may possibly also need to add:
s->tty[0] = '\0';
into the session initialisation in session_new(), or maybe set it before
the call to do_child() in do_exec_no_pty().
On further thought, perhaps the call to sia_ses_init should be left alone
and the call to session_setup_sia() in session.c changed from:
session_setup_sia(pw->pw_name, s->tty);
to:
session_setup_sia(pw->pw_name, s->ttyfd != -1 ? s->tty : NULL);
Can someone who knows the code better than I do shed some light on the
correct solution here.
- Mike
--
Mike Battersby <mib at unimelb.edu.au> The University of Melbourne
Fetch my pgp key from: http://ariel.ucs.unimelb.edu.au/~mib/pgpkey.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 222 bytes
Desc: not available
Url :
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010321/149aff6c/attachment.bin
On Wed, 21 Mar 2001, Mike Battersby wrote:> The recent patch posted by Steve VanDevender <stevev at darkwing.uoregon.edu> > for fixing the session code on Tru64 isn't quite right -- it still fails > in the case of NO tty being allocated. > > The problem is that s->tty is a char[TTYSZ] rather than a char *, and > hence can't hold a NULL. Calling sia_ses_init() with the tty being an > empty string doesn't signify no tty, and hence will cause a failure. The > "no tty" case should have tty passed as NULL.Thanks for spotting this. The following takes care of the SIA case. I am pretty sure it fixes AIX as well, but the manpage that Gert sent to the list was a little ambiguous - only saying that TTY should be "null" in the cases where no tty is present. Perhaps an AIX guru could enlighten us here? Index: session.c ==================================================================RCS file: /var/cvs/openssh/session.c,v retrieving revision 1.93 diff -u -r1.93 session.c --- session.c 2001/03/21 00:11:57 1.93 +++ session.c 2001/03/21 05:10:07 @@ -1053,7 +1053,7 @@ switch, so we let login(1) to this for us. */ if (!options.use_login) { #ifdef HAVE_OSF_SIA - session_setup_sia(pw->pw_name, s->tty); + session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); #else /* HAVE_OSF_SIA */ #ifdef HAVE_CYGWIN if (is_winnt) { @@ -1137,7 +1137,8 @@ cp = xmalloc(22 + strlen(s->tty) + 2 * strlen(pw->pw_name)); i = sprintf(cp, "LOGNAME=%s%cNAME=%s%cTTY=%s%c%c", - pw->pw_name, 0, pw->pw_name, 0, s->tty, 0,0); + pw->pw_name, 0, pw->pw_name, 0, + s->ttyfd == -1 ? "" : s->tty, 0,0); if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
Apparently Analagous Threads
- uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
- Patches for compatibility with Heimdal's libsia_krb5 SIA module
- Patch for Digital Unix SIA authentication
- Update for Tru64 Unix
- Fixed patch for Digital Unix SIA