bugzilla-daemon at mindrot.org
2015-Jul-06 21:06 UTC
[Bug 2425] New: sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Bug ID: 2425
Summary: sshd doesn't need to call setproject() when configured
to use PAM on Solaris
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: brent.paulson at gmail.com
Created attachment 2661
--> https://bugzilla.mindrot.org/attachment.cgi?id=2661&action=edit
patch to limit setproject(3PROJECT) calls to non-PAM configurations
The OpenSSH bug:
1824 Added project(4) support for Solaris 10
https://bugzilla.mindrot.org/show_bug.cgi?id=1824
added code to call setproject(3PROJECT) on Solaris when
USE_SOLARIS_PROJECTS is defined. The USE_SOLARIS_PROJECTS #define is
set when --with-solaris-projects is supplied to the configure script.
Ever since the introduction of projects in Solaris 9 a user's project
membership has been set by PAM. As of Solaris 10, released in January
2005, the updating of a user's project information happens via
pam_unix_cred(5). This PAM module must be present in all
authentication
PAM transactions and is part of all PAM stacks shipped with Solaris and
thus when PAM is configured for OpenSSH (--with-pam) it is not
necessary
to separately call setproject(3PROJECT). In short, I'm suggesting
including '&& !defined(USE_PAM)' to the lines containing
'USE_SOLARIS_PROJECTS' in the portable OpenSSH source.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jul-07 06:23 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Attachment #2661|application/octet-stream |text/plain
mime type| |
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Jul-07 06:26 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425 --- Comment #1 from Darren Tucker <dtucker at zip.com.au> --- Comment on attachment 2661 --> https://bugzilla.mindrot.org/attachment.cgi?id=2661 patch to limit setproject(3PROJECT) calls to non-PAM configurations>-#ifdef USE_SOLARIS_PROJECTS >+#ifdef USE_SOLARIS_PROJECTS && !defined(USE_PAM)This part isn't correct: USE_PAM is a compile time flag but PAM can be enabled and disabled at runtime.> /* if solaris projects were detected, set the default now */ > if (getuid() == 0 || geteuid() == 0) > solaris_set_default_project(pw);I think that should be something like if ((getuid() == 0 || geteuid() == 0) && !options.use_pam) solaris_set_default_project(pw); -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-29 01:42 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2451
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-29 01:43 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2661|0 |1
is obsolete| |
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Created attachment 2742
--> https://bugzilla.mindrot.org/attachment.cgi?id=2742&action=edit
Check PAM at runtime before setting Solaris project
Could you please confirm that this diff works as expected? Thanks.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-29 01:43 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|unassigned-bugs at mindrot.org |dtucker at zip.com.au
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-26 03:43 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425 --- Comment #3 from Darren Tucker <dtucker at zip.com.au> --- We haven't received confirmation that this works so pushing to next release. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Feb-26 03:43 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2451 |2543
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-14 16:23 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425 --- Comment #4 from brent.paulson at gmail.com ---> Could you please confirm that this diff works as expected? Thanks.Yes, I've confirmed the patch works as expected. Thanks! -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Mar-14 22:27 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from Darren Tucker <dtucker at zip.com.au> ---
Thanks, applied.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-09 01:21 UTC
[Bug 2425] sshd doesn't need to call setproject() when configured to use PAM on Solaris
https://bugzilla.mindrot.org/show_bug.cgi?id=2425
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Bulk mark issues CLOSED in 7.3 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.