All,
How can I get at the daily snapshots?
When I go to the website, www.openssh.com, and follow the Linux
link to portable.html and then go to request the daily snapshot from
http://bass.directhit.com/openssh_snap/, I get prompted for a user id
and password. Needless to say, I ain't got.
That's real useful. Use to be, I could get the snapshots from
the ftp site. Then things changed and the snapshots were no longer
available from the ftp site and I had to go through the web site. Now
I can't get them there either. Is there some reason why the daily
snaps just keep getting buried deeper and deeper away?
IAC... I've also tried cvs and THAT was worse. I could get to
cvs and could get the sources, but they currently do not build on my
RedHat 6.2 system. After running autoconf and then configure, this
is what I get from make:
] [root at alcove openssh_cvs]# make
] (cd openbsd-compat; make)
] make[1]: Entering directory `/mnt1/src/openssh_cvs/openbsd-compat'
] gcc -g -O2 -Wall -I/usr/lib/include -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c -o
bsd-arc4random.o bsd-arc4random.c
] In file included from openbsd-compat.h:30,
] from ../includes.h:95,
] from bsd-arc4random.c:25:
] bsd-waitpid.h:38: warning: `WEXITSTATUS' redefined
] /usr/include/sys/wait.h:83: warning: this is the location of the previous
definition
] bsd-waitpid.h:39: warning: `WTERMSIG' redefined
] /usr/include/sys/wait.h:84: warning: this is the location of the previous
definition
] bsd-waitpid.h:40: warning: `WCOREFLAG' redefined
] /usr/include/sys/wait.h:91: warning: this is the location of the previous
definition
] bsd-waitpid.h:41: warning: `WCOREDUMP' redefined
] /usr/include/sys/wait.h:92: warning: this is the location of the previous
definition
] In file included from openbsd-compat.h:35,
] from ../includes.h:95,
] from bsd-arc4random.c:25:
] fake-socket.h:9: warning: `_SS_PADSIZE' redefined
] /usr/include/bits/socket.h:151: warning: this is the location of the previous
definition
] In file included from openbsd-compat.h:20,
] from ../includes.h:95,
] from bsd-arc4random.c:25:
] strsep.h:7: parse error before `__extension__'
] strsep.h:7: parse error before `('
] In file included from openbsd-compat.h:21,
] from ../includes.h:95,
] from bsd-arc4random.c:25:
] strtok.h:7: parse error before `__extension__'
] In file included from openbsd-compat.h:28,
] from ../includes.h:95,
] from bsd-arc4random.c:25:
] bsd-misc.h:60: redefinition of `struct timeval'
] bsd-misc.h:66: two or more data types in declaration of `utimes'
] In file included from openbsd-compat.h:35,
] from ../includes.h:95,
] from bsd-arc4random.c:25:
] fake-socket.h:11: redefinition of `struct sockaddr_storage'
] fake-socket.h:25: redefinition of `struct in6_addr'
] fake-socket.h:26: warning: no semicolon at end of struct or union
] fake-socket.h:26: parse error before `.'
] fake-socket.h:31: redefinition of `struct sockaddr_in6'
] make[1]: *** [bsd-arc4random.o] Error 1
] make[1]: Leaving directory `/mnt1/src/openssh_cvs/openbsd-compat'
] make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
This was my configure command:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-tcp-wrappers
--with-ipv4-default --with-pam --with-skey=/usr/lib
(Taken from the RedHat Spec file from the 2.3.0p1 source rpm)
This is what it reports when it's finished configuring:
] OpenSSH configured has been configured with the following options.
] User binaries: /usr/bin
] User binaries: /usr/bin
] System binaries: /usr/sbin
] Configuration files: /etc/ssh
] Askpass program: /usr/libexec/ssh-askpass
] Manual pages: /usr/man/manX
] PID file: /var/run
] Random number collection: Device (/dev/urandom)
] Manpage format: man
] PAM support: yes
] KerberosIV support: no
] AFS support: no
] S/KEY support: yes
] TCP Wrappers support: yes
] MD5 password support: no
] IP address in $DISPLAY hack: no
] Use IPv4 by default hack: yes
] Translate v4 in v6 hack: yes
]
] Host: i586-pc-linux-gnu
] Compiler: gcc
] Compiler flags: -g -O2 -Wall
] Preprocessor flags: -I/usr/lib/include
] Linker flags: -L/usr/lib/lib
] Libraries: -lskey -lpam -ldl -lz -lnsl -lutil -lcrypto -lwrap
]
] PAM is enabled. You may need to install a PAM control file for sshd,
] otherwise password authentication may fail. Example PAM control files
] can be found in the contrib/ subdirectory
So cvs is no joy here either.
Anyone with some suggestions...
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
On Wed, 7 Feb 2001, Michael H. Warfield wrote:> ] [root at alcove openssh_cvs]# make > ] (cd openbsd-compat; make) > ] make[1]: Entering directory `/mnt1/src/openssh_cvs/openbsd-compat' > ] gcc -g -O2 -Wall -I/usr/lib/include -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c -o bsd-arc4random.o bsd-arc4random.c > ] In file included from openbsd-compat.h:30, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] bsd-waitpid.h:38: warning: `WEXITSTATUS' redefined > ] /usr/include/sys/wait.h:83: warning: this is the location of the previous definitionCould you send in the full output of a ./configure run? Thanks, Damien -- | Damien Miler <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
OK, I finally fixed this for good by rearranging stuff on the site... The URL you have hasn't changed... sorry for the screw up! -Rob On Wed, 7 Feb 2001, Michael H. Warfield wrote:> All, > > How can I get at the daily snapshots? > > When I go to the website, www.openssh.com, and follow the Linux > link to portable.html and then go to request the daily snapshot from > http://bass.directhit.com/openssh_snap/, I get prompted for a user id > and password. Needless to say, I ain't got. > > That's real useful. Use to be, I could get the snapshots from > the ftp site. Then things changed and the snapshots were no longer > available from the ftp site and I had to go through the web site. Now > I can't get them there either. Is there some reason why the daily > snaps just keep getting buried deeper and deeper away? > > IAC... I've also tried cvs and THAT was worse. I could get to > cvs and could get the sources, but they currently do not build on my > RedHat 6.2 system. After running autoconf and then configure, this > is what I get from make: > > ] [root at alcove openssh_cvs]# make > ] (cd openbsd-compat; make) > ] make[1]: Entering directory `/mnt1/src/openssh_cvs/openbsd-compat' > ] gcc -g -O2 -Wall -I/usr/lib/include -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c -o bsd-arc4random.o bsd-arc4random.c > ] In file included from openbsd-compat.h:30, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] bsd-waitpid.h:38: warning: `WEXITSTATUS' redefined > ] /usr/include/sys/wait.h:83: warning: this is the location of the previous definition > ] bsd-waitpid.h:39: warning: `WTERMSIG' redefined > ] /usr/include/sys/wait.h:84: warning: this is the location of the previous definition > ] bsd-waitpid.h:40: warning: `WCOREFLAG' redefined > ] /usr/include/sys/wait.h:91: warning: this is the location of the previous definition > ] bsd-waitpid.h:41: warning: `WCOREDUMP' redefined > ] /usr/include/sys/wait.h:92: warning: this is the location of the previous definition > ] In file included from openbsd-compat.h:35, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] fake-socket.h:9: warning: `_SS_PADSIZE' redefined > ] /usr/include/bits/socket.h:151: warning: this is the location of the previous definition > ] In file included from openbsd-compat.h:20, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] strsep.h:7: parse error before `__extension__' > ] strsep.h:7: parse error before `(' > ] In file included from openbsd-compat.h:21, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] strtok.h:7: parse error before `__extension__' > ] In file included from openbsd-compat.h:28, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] bsd-misc.h:60: redefinition of `struct timeval' > ] bsd-misc.h:66: two or more data types in declaration of `utimes' > ] In file included from openbsd-compat.h:35, > ] from ../includes.h:95, > ] from bsd-arc4random.c:25: > ] fake-socket.h:11: redefinition of `struct sockaddr_storage' > ] fake-socket.h:25: redefinition of `struct in6_addr' > ] fake-socket.h:26: warning: no semicolon at end of struct or union > ] fake-socket.h:26: parse error before `.' > ] fake-socket.h:31: redefinition of `struct sockaddr_in6' > ] make[1]: *** [bsd-arc4random.o] Error 1 > ] make[1]: Leaving directory `/mnt1/src/openssh_cvs/openbsd-compat' > ] make: *** [openbsd-compat/libopenbsd-compat.a] Error 2 > > This was my configure command: > > ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-tcp-wrappers --with-ipv4-default --with-pam --with-skey=/usr/lib > > (Taken from the RedHat Spec file from the 2.3.0p1 source rpm) > > This is what it reports when it's finished configuring: > > > ] OpenSSH configured has been configured with the following options. > ] User binaries: /usr/bin > ] User binaries: /usr/bin > ] System binaries: /usr/sbin > ] Configuration files: /etc/ssh > ] Askpass program: /usr/libexec/ssh-askpass > ] Manual pages: /usr/man/manX > ] PID file: /var/run > ] Random number collection: Device (/dev/urandom) > ] Manpage format: man > ] PAM support: yes > ] KerberosIV support: no > ] AFS support: no > ] S/KEY support: yes > ] TCP Wrappers support: yes > ] MD5 password support: no > ] IP address in $DISPLAY hack: no > ] Use IPv4 by default hack: yes > ] Translate v4 in v6 hack: yes > ] > ] Host: i586-pc-linux-gnu > ] Compiler: gcc > ] Compiler flags: -g -O2 -Wall > ] Preprocessor flags: -I/usr/lib/include > ] Linker flags: -L/usr/lib/lib > ] Libraries: -lskey -lpam -ldl -lz -lnsl -lutil -lcrypto -lwrap > ] > ] PAM is enabled. You may need to install a PAM control file for sshd, > ] otherwise password authentication may fail. Example PAM control files > ] can be found in the contrib/ subdirectory > > So cvs is no joy here either. > > Anyone with some suggestions... > > Mike >
Yes that looks to be it. Here is the output for a normal telnet and then an ssh connection. luid is not being set. How can I correct this? from a normal telnet : id -l uid=244(svaughan) gid=102(udt) luid=244(svaughan) groups=102(udt) from an ssh : id -l uid=244(svaughan) gid=102(udt) luid=-1(not set) groups=102(udt) Thanks for you help! Sam -- Sam Vaughan Senior Systems Administrator On Sat, 10 Feb 2001, Gert Doering wrote:> Hi, > > On Thu, Feb 08, 2001 at 02:53:18PM -0800, svaughan wrote: > > I am running OpenSSH_2.2.0p1 on SCO 5.0.5. Everything is > > running just fine but I am experiencing a little problem when I go to > > change my password remotely. After logging in, if I go to change my > > password with the command passwd, I get the following error. > > > > bash-2.01$ passwd > > Setting password for user: (null) > > This might be a problem with the login user id (luid) on C2 systems. > > Could you show us the result of "id -l" on a "normal" login and on a SSH > login, please? > > gert > > -- > USENET is *not* the non-clickable part of WWW! > //www.muc.de/~gert/ > Gert Doering - Munich, Germany gert at greenie.muc.de > fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de >
Hi Tim, Could you send me some info on your SCO machine you compiled on? setluid has been working great for me on all the SCO boxes in our network. (they are all 5.0.5) Thanks, Sam On Tue, 20 Feb 2001, Tim Rice wrote:> On Fri, 16 Feb 2001, Damien Miller wrote: > > > On Thu, 15 Feb 2001, svaughan wrote: > > > > > Here is an updated patch. Sorry, I thought setluid was SCO specific. > > > > I have modified your patch a little. Can you please give the below one > > a try? > > > > Close, but needs some work. > rlogin > tim(trr)@sco504 1% id -l > uid=31(tim) gid=85(trr) luid=31(tim) groups=85(trr),18(lp),50(group) > > ssh > tim(trr)@sco504 1% id -l > uid=31(tim) gid=85(trr) luid=0(root) groups=85(trr),18(lp),50(group) > ^^^^^^ > Not quite what we want. > > > It does not try to do setluid for non-OpenServer systems. From docs.sco.com > > it says that Unixware also offers the get/setluid syscalls, but they will > > always fail. > > > [patch sniped] > > > > > > -- > Tim Rice Multitalents (707) 887-1469 > tim at multitalents.net > >
Oops, sorry. I jumped the gun here. I just remembered that I am running
2.3.0p1 with the setluid patch on my servers. Ignore my previous
email. I downloaded 2.5.1p1 and tested it. It does not set the luid
correctly on my SCO 5.0.5 box.
setluid is erring out because:
sshd[15834]: error: setluid: Operation not permitted
After looking through session.c again and doing some more research. It
turns out that setluid needs to be called before setuid and setgid. After
these are set the LUID cannot be changed, even by root.
from the setluid manpage:
The setluid routine is invoked by the login(M) program just prior to the
identity changes caused by setuid(S) and setgid(S) calls.
Here is a patch with setluid being called in a better spot.
Sorry, I should have caught this earlier.
Sam
*** openssh-2.5.1p1/session.c Sun Feb 18 11:13:34 2001
--- openssh-2.5.1p1_patch/session.c Wed Feb 21 02:05:28 2001
***************
*** 1075,1080 ****
}
#endif
# else /* HAVE_LOGIN_CAP */
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s",
strerror(errno));
if (setgid(pw->pw_gid) < 0) {
--- 1075,1086 ----
}
#endif
# else /* HAVE_LOGIN_CAP */
+
+ #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
+ /* Sets login uid for accounting */
+ if (getluid() == -1 && setluid(pw->pw_uid) ==
-1)
+ error("setluid: %s", strerror(errno));
+ #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s",
strerror(errno));
if (setgid(pw->pw_gid) < 0) {
***************
*** 1126,1136 ****
}
#endif /* HAVE_OSF_SIA */
- #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
- /* Sets login uid for accounting */
- if (getluid() == -1 && setluid(pw->pw_uid) == -1)
- error("setluid: %s", strerror(errno));
- #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
#ifdef HAVE_CYGWIN
if (is_winnt)
--- 1132,1137 ----
}
#endif /* HAVE_OSF_SIA */
#ifdef HAVE_CYGWIN
if (is_winnt)
>
> Hi Tim,
> Could you send me some info on your SCO machine you compiled
> on? setluid has been working great for me on all the SCO boxes in our
> network. (they are all 5.0.5)
>
>
> Thanks,
> Sam
>
> On Tue, 20 Feb 2001, Tim Rice wrote:
>
> > On Fri, 16 Feb 2001, Damien Miller wrote:
> >
> > > On Thu, 15 Feb 2001, svaughan wrote:
> > >
> > > > Here is an updated patch. Sorry, I thought setluid was SCO
specific.
> > >
> > > I have modified your patch a little. Can you please give the
below one
> > > a try?
> > >
> >
> > Close, but needs some work.
> > rlogin
> > tim(trr)@sco504 1% id -l
> > uid=31(tim) gid=85(trr) luid=31(tim) groups=85(trr),18(lp),50(group)
> >
> > ssh
> > tim(trr)@sco504 1% id -l
> > uid=31(tim) gid=85(trr) luid=0(root) groups=85(trr),18(lp),50(group)
> > ^^^^^^
> > Not quite what we want.
> >
> > > It does not try to do setluid for non-OpenServer systems. From
docs.sco.com
> > > it says that Unixware also offers the get/setluid syscalls, but
they will
> > > always fail.
> > >
> > [patch sniped]
> > >
> > >
> >
> > --
> > Tim Rice Multitalents (707) 887-1469
> > tim at multitalents.net
> >
> >
>
>