similar to: Snapshots not updating?

Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login !=

Hi All. The discussion about SOCKS5 support set me thinking about how you would test it, and I came up with the attached test. (Again, mostly code stolen from another test, this time forwarding.sh). It requires "connect" [1] but will skip the test if it's not found. -Daz. [1] http://www.taiyo.co.jp/~gotoh/ssh/connect.html -- Darren Tucker (dtucker at zip.com.au) GPG key

Hi All. Markus has commited the long-awaited GSSAPI patch to OpenBSD's ssh. There are patches. The first [1] is a straightforward port of the OpenBSD code to Portable. The second [2] contains the parts I've stolen from Simon Wilkinson's portable GSSAPI patch in an attempt to make it build. It is incomplete and doesn't currently work. The PAM support is not there and

Hi All. New AIX packages of OpenSSH 3.6.1p1 are available for download at [1]. There are two tarballs, one for the as-distributed code and one with the password expiration patch. Each tarball contains binaries for AIX 4.x and AIX 5.x. The usual caveats apply (see page). These packages have been more popular than I ever thought they'd be. They are about to clock up the one thousandth

Hi All. As of now, openssh on AIX passes all regressions tests (and, yes, I just checked!), works with privsep, bugzilla has zero open AIX-specific bugs and IBM ship it essentially unmodified as a supported product. I think it's beyond "support underway" :-) -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69

Hi All. The attached patch speeds up the dynamic forwarding regression test: * moves starting the test sshd to the outer loop. * kills the sleep of when it's no longer required. -Daz. $ time PATH="`pwd`:$PATH" sh ../regress/test-exec.sh `pwd` \ ../regress/dynamic-forward.orig.sh ok dynamic forwarding real 0m54.585s user 0m5.760s sys 0m0.370s $ time

Hi All. While working on something I noticed core dumps from sshd. They don't seem to be related to what I was working on. It's from the process forked to run the shell. Just after the fork, fatal_remove_all_cleanups() is called, which looks like: fatal_remove_all_cleanups(void) { struct fatal_cleanup *cu, *next_cu; for (cu = fatal_cleanups; cu; cu = next_cu) {

Hi All. The recent setproctitle changes don't seem to work on NetBSD. Some of the variables are still used when the definitions are #ifdef'ed out. Attached patch fixes it, but I'm not sure it does it the right way. -Daz. gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I../../openbsd-compat -I../../openbsd-compat/.. -DHAVE_CONFIG_H -c

Hi All, I've been going through the bug queue and there's a number that have been waiting for reporter feedback for a long time (in one case 7+ months). Would anyone consider it unduly harsh if I took an axe to the queue and closed any bugs (ie the unconfirmed or WORKSFORME type) that have been waiting for reporter feedback for more than, say, 3 months? (Unless there's a documented

Hi. I just noticed that the new reconfigure regression test does not work properly (the test passes but it doesn't actually test anything) when SUDO=sudo is used, because the kill -HUP is run as a normal user. This is fixed in the attached patch. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes

Hi All. Today a patch was commited to OpenSSH that performs PAM password changes via SSH2 keyboard-interactive authentication. I should work fine with privsep, which some of the other solutions have problems with. While the patch itself is relatively small, it's bigger than it should have been due to differences in PAM implementations. I encourage anyone with a interest in this to try

Hi All. I'm pleased to report that as of yesterday, OpenSSH -current now supports forced changes of expired passwords on most platforms, and bug #14 is now closed. Specifically, AIX's native authentication, BSD Authentication and shadow passwords with the expiry field are supported. The password is changed by exec'ing /usr/bin/passwd in the session. Interested parties should

Hello All, I've updated the AIX package builder (contrib/aix/buildbff.sh). The changes are below. Please review and commit if OK. First, a question: Does anyone want SRC (System Resource Controller) support in the packages? I don't use it but I've been sent an example of how do do it without modifying sshd itself. Onto the changes: * Supports PrivSep. Postinstall will create

Hello All, I've just attempted to build from -cvs on AIX and get the following: $ gcc [snip] -c ssh-agent.c ssh-agent.c: In function `main': ssh-agent.c:975: `BSDoptarg' undeclared (first use in this function) ssh-agent.c:975: (Each undeclared identifier is reported only once ssh-agent.c:975: for each function it appears in.) make: 1254-004 The error code from the last command is 1.

Hi. This was added just before 3.4p1 for passing to aix_usrinfo and is now unused. -Daz. Index: session.c =================================================================== RCS file: /cvs/openssh/session.c,v retrieving revision 1.210 diff -u -r1.210 session.c --- session.c 4 Jul 2002 03:08:41 -0000 1.210 +++ session.c 15 Jul 2002 11:50:14 -0000 @@ -1159,8 +1159,6 @@ void

Hello All, After seeing what is probably the zillionth "OpenSSL headers don't match library" bug report I made the following mod to configure.ac. It always writes the versions of the library and headers to config.log and prints them to stdout if they don't match. Hopefully this will help diagnose these problems in future. Example output below. -Daz. $ ./configure [snip]

Hi All. Damien merged a bunch of changes today which caused compile errors on a few platforms (which you can see live and in colour at [0]). a) Solaris, early AIX: ../crc32.c:100: `u_int32_t? undeclared (first use in this function) On these platforms u_int32_t is defined in defines.h which is not included by crc32.c. Fixed by attached patch. b) PAM platforms (Redhat, Solaris once a) is

Hi All. As of last night, sshd now segfaults on HP-UX (11.00, gcc 3.2.2) on startup. I've single-stepped through the code in freeaddrinfo and it's called with a valid *addrinfo, follows ai_next once then for some reason attempts to deref the second pointer which is NULL. Suspecting a compiler/optimization bug I recompiled fake-getaddrinfo.c without optimization but that made no

Hi All. Recently a change was merged from OpenBSD's sshd into Portable that implements a KerberosGetAFSToken option (patchset attached). This change causes compile errors with both MIT Kerberos and Heimdal (errors when compiled with MIT Kerberos below). I've figured out that the functions called in the new code are in Heimdal's libkafs, so adding -lkafs to the start for the

Hi All. Haven't looked at this yet but it looks like the resolver changes broke AIX and HP-UX. -Daz. AIX 4.3.3.11: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I../../openbsd-compat -I../../openbsd-compat/.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H -c ../../openbsd-compat/getrrsetbyname.c ../../openbsd-compat/getrrsetbyname.c:133: warning: static