-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

openssh-1.2.1pre20 has been released at:

http://violet.ibs.com.au/openssh/files/

This release integrates more of Andre Lucas' portability patch, Ben Taylor's utmpx patch and some cleanups and bugfixes of my own. The auth-passwd failures should be fixed, as should lastlog support on NetBSD.

Since Andre Lucas' patch included platform detection, we should use it to set appropriate compiler flags. I recall some discussion about solaris needing special flags to get openssh to compile. These can now be set by autoconf (if you tell me what they are).

The PAM support has been slightly cleaned up and I have fixed a small bug in the authentication (auth_password was not being tried with an empty password for PAM first). This has necessitated a small change to the PAM config file.

I am very interested to hear how this release compiles on Solaris, HPUX and AIX.

ChangeLog:

19991225
 - More fixes from Andre Lucas <andre.lucas at dial.pipex.com>
 - Cleanup of auth-passwd.c for shadow and MD5 passwords
 - Cleanup and bugfix of PAM authentication code

19991223
 - Merged later HPUX patch from Andre Lucas <andre.lucas at dial.pipex.com>
 - Above patch included better utmpx support from Ben Taylor <bent at clark.net>:

19991222
 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen <pope at netguide.dk>
 - Fix login.c breakage on systems which lack ut_host in struct utmp. Reported by Willard Dawson <willard.dawson at sbs.siemens.com>

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4ZAIbormJ9RG1dI8RAmp2AJ962AAA5qwWCEqgwFGB/YbdM65o3ACgyW0g
k+92eziI5oqXySFkuhCNCqY=t4uu
-----END PGP SIGNATURE-----
As far as I can tell, user password authentication is still broken in 1.2.1pre20. This is with Debian 2.1 Linux on both ends, 2.2.13 kernels:

marge.ka9q.ampr.org$ slogin homer
Enter passphrase for RSA key 'karn at ka9q.ampr.org': [deliberately hit return here]
Bad passphrase.
karn at homer.ka9q.ampr.org's password: [enter correct password here]
Permission denied, please try again.
karn at homer.ka9q.ampr.org's password: [enter correct password here]
Permission denied, please try again.
karn at homer.ka9q.ampr.org's password: [enter correct password here]
Permission denied.

--Phil
A followup observation: the problem I was having with password authentication goes away if I enable shadow passwords. Perhaps the sshd password checking routine assumes that shadow passwords are always on?

Phil
Here are my patches against pre20 which make utmpx support work correctly for Solaris.

Fixes:

login.c: fix typo, add code, clean ups for utmpx

bsd-login.c: cleanup case with old_ut is only used when HAVE_HOST_IN_UTMP is used, as well as move defines used in only that case

config.h.in: fix for utmpx

Ben

-------------- next part --------------
--- Makefile.in.ORIG Fri Dec 24 21:23:54 1999 +++ Makefile.in Fri Dec 24 21:24:26 1999 @@ -48,6 +48,8 @@ $(AR) rv $@ $(LIBOBJS) $(RANLIB) $@ +$(OBJS): config.h + ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o libssh.a $(CC) -o $@ ssh.o sshconnect.o log-client.o readconf.o \ clientloop.o $(LDFLAGS) -lssh $(LIBS) --- bsd-login.c.ORIG Fri Dec 24 21:20:53 1999 +++ bsd-login.c Fri Dec 24 21:38:38 1999 @@ -65,13 +65,19 @@ struct utmp *utp; #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */ { +#if defined(HAVE_HOST_IN_UTMP) struct utmp old_ut; +#endif #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) struct utmpx *old_utx; #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */ register int fd; int tty; + tty = ttyslot(); + if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) { +#if defined(HAVE_HOST_IN_UTMP) + #ifndef UT_LINESIZE # define UT_LINESIZE (sizeof(old_ut.ut_line)) # define UT_NAMESIZE (sizeof(old_ut.ut_name)) @@ -79,10 +85,6 @@ # define UT_HOSTSIZE (sizeof(old_ut.ut_host)) # endif #endif - - tty = ttyslot(); - if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) { -#if defined(HAVE_HOST_IN_UTMP) (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET); /* * Prevent luser from zero'ing out ut_host. --- config.h.in.ORIG Fri Dec 24 21:05:57 1999 +++ config.h.in Fri Dec 24 21:10:06 1999 
@@ -349,6 +349,23 @@ # endif #endif +#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) +# ifndef _PATH_UTMPX +# ifdef UTMPX_FILE +# define _PATH_UTMPX UTMPX_FILE +# else +# define _PATH_UTMPX "/var/adm/utmpx" +# endif +# endif +# ifndef _PATH_WTMPX +# ifdef WTMPX_FILE +# define _PATH_WTMPX WTMPX_FILE +# else +# define _PATH_WTMPX "/var/adm/wtmp" +# endif +# endif +#endif + #ifndef _PATH_BSHELL # define _PATH_BSHELL "/bin/sh" #endif --- login.c.ORIG Fri Dec 24 21:15:34 1999 +++ login.c Fri Dec 24 21:20:04 1999 @@ -152,10 +152,11 @@ #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) memset(&utx, 0, sizeof(utx)); strncpy(utx.ut_user, user, sizeof(utx.ut_name)); + strcpy(utx.ut_id, "sshd"); strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line)); utx.ut_pid = (pid_t)pid; utx.ut_tv.tv_sec = time(NULL); - u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS; + utx.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS; #ifdef HAVE_HOST_IN_UTMPX #ifdef HAVE_SYSLEN_IN_UTMPX utx.ut_syslen = strlen(host); @@ -166,7 +167,8 @@ #endif #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */ -#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN) +/*#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)*/ +#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) login(&u, &utx); #else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */ login(&u);
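Review bot: In the bsd-login.c hunk at -65,13, the UT_LINESIZE/UT_NAMESIZE/UT_HOSTSIZE fallbacks now sit inside the body of `if (tty > 0 && ...)` under `#if defined(HAVE_HOST_IN_UTMP)`, so on a system that lacks both the header macros and ut_host they are never defined. Any use of those macros outside this conditional region would then fail to compile. Consider keeping the fallbacks at file scope and sizing them from the type, for example `sizeof(((struct utmp *)0)->ut_line)`, so they no longer depend on the local old_ut.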
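Review bot: The _PATH_WTMPX fallback in the config.h.in hunk is "/var/adm/wtmp", which is the wtmp path rather than a wtmpx one; next to `# define _PATH_UTMPX "/var/adm/utmpx"` this looks like a dropped "x". If the value is intentional, a comment saying why would help; otherwise use `# define _PATH_WTMPX "/var/adm/wtmpx"`, so utmpx-format records do not end up in the file that holds utmp-format login accounting.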
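Review bot: `strcpy(utx.ut_id, "sshd");` in the login.c hunk at -152,10 is an unbounded copy of five bytes (four characters plus the NUL) into a short fixed-size field, while the neighbouring copies all use strncpy with a sizeof. ut_id is four bytes in the usual utmpx layout, so the terminator is written into the following member. Use `strncpy(utx.ut_id, "sshd", sizeof(utx.ut_id));` if the field is to be set at all. The context line above has a related mismatch: it copies into utx.ut_user but bounds the copy with sizeof(utx.ut_name); the sizeof should name the destination field.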
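Review bot: In the login.c hunk at -166,7 the old guard is left behind as a commented-out `#if` line; delete it rather than keep dead preprocessor text, and say in the commit message why `!defined(HAVE_LOGIN)` was dropped. With that condition gone, `login(&u, &utx)` is called with two arguments even when the system provides its own login(), and a libc login() takes only a struct utmp pointer, so please confirm that case still resolves to the two-argument replacement. The comment on the `#else` line still repeats the `#if` condition and could be corrected at the same time.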
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 24 Dec 1999, Ben Taylor wrote:

>
> Here are my patches against pre20 which make utmpx support
> work correctly for Solaris.

Applied. A question before I commit it:

==================================================================RCS file: /var/cvs/openssh/login.c,v retrieving revision 1.11 diff -u -r1.11 login.c - --- login.c 1999/12/24 23:11:29 1.11 +++ login.c 1999/12/25 11:34:14 @@ -152,10 +152,11 @@ #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) memset(&utx, 0, sizeof(utx)); strncpy(utx.ut_user, user, sizeof(utx.ut_name)); + strcpy(utx.ut_id, "sshd");

My docs (utmp.h) indicates that the ut_id field is used to indicate the id of the process from the inittab. Is it used for something different on Solaris?

Regards,
Damien

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4ZK3BormJ9RG1dI8RAhSlAJ48eed0lvf5L0//RLOPo5xKSHzsWwCdGsz3
57+k6rAL2JYXZzDI5RoS6Qc=RnzM
-----END PGP SIGNATURE-----
On Sat, 25 Dec 1999, Damien Miller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 24 Dec 1999, Ben Taylor wrote:
>
> >
> > Here are my patches against pre20 which make utmpx support
> > work correctly for Solaris.
>
> Applied. A question before I commit it:
>
> ==================================================================> RCS file: /var/cvs/openssh/login.c,v > retrieving revision 1.11 > diff -u -r1.11 login.c > - --- login.c 1999/12/24 23:11:29 1.11 > +++ login.c 1999/12/25 11:34:14 > @@ -152,10 +152,11 @@ > #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) > memset(&utx, 0, sizeof(utx)); > strncpy(utx.ut_user, user, sizeof(utx.ut_name)); > + strcpy(utx.ut_id, "sshd");
>
> My docs (utmp.h) indicates that the ut_id field is used to
> indicate the id of the process from the inittab. Is it used for
> something different on Solaris?

Probably best not to commit it. I think I might have been a bit over zealous to fill out all the fields in the utmpx structure.

Ben

>
> Regards,
> Damien
>
> - --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.0 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE4ZK3BormJ9RG1dI8RAhSlAJ48eed0lvf5L0//RLOPo5xKSHzsWwCdGsz3
> 57+k6rAL2JYXZzDI5RoS6Qc
> =RnzM
> -----END PGP SIGNATURE-----
>