openssh unix dev - Aug 2004 - sshd 3.9p1 under Reliant Unix 5.45: getpeername: Operation not supported on transport endpoint

The following is special to sshd 3.9p1 under ReliantUnix 5.45. It does 
not occur under ReliantUnix 5.43 nor under Solaris 5.8:

	`pwd`/sshd-3.9 -e -D -d -d -d

Now connecting from outside
	[...]
	debug1: inetd sockets after dupping: 3, 3
	debug1: get_port() calls get_sock_port(3)
	debug1: getpeername failed:
		 Operation not supported on transport endpoint

lsof proves FD 3 is an established TCP connection.

It does not occur when sshd is started with -r to prevent usage of the 
new re-exec mechanism.

I'm pretty sure it's something weird with ReliantUnix 5.45 concerning 
inherited sockets.

Anyone here having a pointer where to start the chase?

Regards,
        Robert

On Wed, 25 Aug 2004, Robert Dahlem wrote:
>
> The following is special to sshd 3.9p1 under ReliantUnix 5.45. It does
> not occur under ReliantUnix 5.43 nor under Solaris 5.8:
[snip]
> Anyone here having a pointer where to start the chase?
Send us the output of configure starting with
 	OpenSSH has been configured with the following options:
>
> Regards,
>        Robert
>
-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

On Wed, 25 Aug 2004 10:50:57 -0700 (PDT), Tim Rice wrote:

>> The following is special to sshd 3.9p1 under ReliantUnix 5.45. It 
does
>> not occur under ReliantUnix 5.43 nor under Solaris 5.8:
>[snip]
>> Anyone here having a pointer where to start the chase?
>Send us the output of configure starting with
> 	OpenSSH has been configured with the following options:
Here we go:

OpenSSH has been configured with the following options:
                     User binaries: /opt/bin
                   System binaries: /opt/bin
               Configuration files: /etc/ssh
                   Askpass program: /opt/bin/ssh-askpass
                      Manual pages: /usr/share/man/manX
                          PID file: /etc/ssh
  Privilege separation chroot path: /var/empty
            sshd default user PATH: 
/usr/bin:/bin:/usr/sbin:/sbin:/opt/bin
   (If PATH is set in /etc/default/login it will be used instead. If
   used, ensure the path to scp is present, otherwise scp will not 
work.)
                    Manpage format: man
                       PAM support: no
                 KerberosV support: no
                 Smartcard support: no
                     S/KEY support: no
              TCP Wrappers support: no
              MD5 password support: no
       IP address in $DISPLAY hack: yes
           Translate v4 in v6 hack: no
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY

              Host: mips-sni-sysv4
          Compiler: cc
    Compiler flags: -O
Preprocessor flags: -I/opt/lib/ssl/include 
      Linker flags: -L/opt/lib/ssl/lib -s
         Libraries:   -lcrypto -lz -lsocket -lnsl -ldl  -lgen -lresolv

SVR4 style packages are supported with "make package"

WARNING: the operating system that you are using does not 
appear to support either the getpeereid() API nor the 
SO_PEERCRED getsockopt() option. These facilities are used to 
enforce security checks to prevent unauthorised connections to 
ssh-agent. Their absence increases the risk that a malicious 
user can connect to your agent. 


Regards,
        Robert

On Thu, 26 Aug 2004, Robert Dahlem wrote:
> On Wed, 25 Aug 2004 10:50:57 -0700 (PDT), Tim Rice wrote:
>
>
>>> The following is special to sshd 3.9p1 under ReliantUnix 5.45. It
> does
>>> not occur under ReliantUnix 5.43 nor under Solaris 5.8:
[snip]
>         Libraries:   -lcrypto -lz -lsocket -lnsl -ldl  -lgen -lresolv
Just for fun try editing your Makefiles so LIBS are
 	-lcrypto -lz -ldl -lgen -lsocket -lresolv -lnsl
and then "make clean && make"


-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

Robert Dahlem wrote:
> On Fri, 27 Aug 2004 20:44:28 +0200, Robert Dahlem wrote:
> 
> 
>>	sock_in = sock_out = fcntl(STDIN_FILENO, F_DUPFD);
> 
> 
> Oops. Should be
> 
> 	sock_in = sock_out = fcntl(STDIN_FILENO, F_DUPFD, 0);
It looks like your dup() is indeed broken. It should be too hard to have
a replacement function (or #define) to transparently cope with this.

What is your platform type, as reported after "Host: " at the end of a
configure run?

-d

On Sat, 28 Aug 2004 11:11:16 +1000, Damien Miller wrote:
>> 	sock_in = sock_out = fcntl(STDIN_FILENO, F_DUPFD, 0);
>It looks like your dup() is indeed broken. It should be too hard to have
>a replacement function (or #define) to transparently cope with this.
>What is your platform type, as reported after "Host: " at the end
of a
>configure run?
Host: mips-sni-sysv4

Would you accept a patch like

	#define dup(fd) fcntl(fd, F_DUPFD, 0)

for this platform?

Regards,
        Robert

Robert Dahlem wrote:
> On Sat, 28 Aug 2004 11:11:16 +1000, Damien Miller wrote:
>>It looks like your dup() is indeed broken. It should be too hard to have
>>a replacement function (or #define) to transparently cope with this.
[...]
> Host: mips-sni-sysv4
> 
> Would you accept a patch like
> 
> 	#define dup(fd) fcntl(fd, F_DUPFD, 0)
> 
> for this platform?
I think that would be OK.  Does the attached patch work?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-dup-fcntl.patch
Url:
http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040829/1dad8309/attachment.ksh