bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-01 18:48 UTC
[Bug 1710] New: aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Summary: aix_setauthdb/aix_restoredb are not called in
getpwnamallow() causing permanently_set_uid() to fail
Product: Portable OpenSSH
Version: 5.3p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: letourneau.alexandre at gmail.com
Created an attachment (id=1787)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1787)
A patch fixing this issue
We are using a bunch of diffrent LAMs to authenticate users, and
while qualifying openSSH5.3p1 on aix 5.3 and 6.1 we discovered
a small bug.
In auth.c inside the function getpwnamallow(const char *user)
getpwnam(user) is called w/o setting the authdb first.
This results in the wrong authdb being used to retrieve the
user's passwd structure: it uses the default LAM.
(ie: the first one it finds in /usr/lib/security/methods.cfg)
setauthdb() is called during the authentication phase
(which is very good), but it is also necessary to make
the call before using getpwnam/getpwuid/etc.
This is easly fixed by wrapping aix_setauthdb()/aix_restoredb [from
port-aix.c] around the getpwnam(user) call [in auth.c]
I attached a patch, that I tested on aix 5.3 and aix 6.1, fixing this
issue.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-01 18:49 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710 --- Comment #1 from Alexandre Letourneau <letourneau.alexandre at gmail.com> 2010-02-02 05:49:02 EST --- Created an attachment (id=1788) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1788) Level 3 debug logs showing the problem -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-11 23:39 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Blocks| |1626
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2010-02-12
10:39:18 EST ---
Thanks, I'll look at this.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-05 20:25 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Yannick Bergeron <burgergold at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |burgergold at hotmail.com
--- Comment #3 from Yannick Bergeron <burgergold at hotmail.com>
2010-03-06 07:25:23 EST ---
is it still planned to be included in 5.4?
I saw that some bugs that were previously blocks for 5.4 were moved to
5.5
We would really appreciate that this fix could be included in 5.4
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-06 21:22 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1787|application/octet-stream |text/plain
mime type| |
Attachment #1787|0 |1
is patch| |
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-07 00:30 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1788|application/octet-stream |text/plain
mime type| |
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-07 00:57 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2010-03-07
11:57:53 EST ---
Patch applied, thanks. It will be in 5.4p1.
I think that after the release we should put a getpwnam() wrapper in
port-aix.c that does this to keep the diffs out of the mainline code.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-07 05:50 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710 --- Comment #5 from Alexandre Letourneau <letourneau.alexandre at gmail.com> 2010-03-07 16:50:49 EST --- Thanks, yes it would be much cleaner that way. I could work on it. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-25 23:52 UTC
[Bug 1710] aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Darren Tucker <dtucker at zip.com.au> 2010-03-26
10:52:13 EST ---
With the release of 5.4p1, this bug is now considered closed.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.