similar to: Compile errors on Solaris, early AIX and PAM platforms

Hi All. After one false start, I now have a Tinderbox up and running for the OpenSSH portable tree. For those not familiar with it, Tinderbox is a tool for automatically displaying the status of builds and tests. At the moment, I do 1 update and 4 builds hourly. It's not fully functional yet but the basics work. It can be found at http://dodgynet.dyndns.org/tinderbox/OpenSSH_Portable/ (I

Hi All. I (actually the tinderbox[1]) found a problem with the fix for bug #422: when PAM is enabled on a platform that uses /etc/shadow, the variable "passwd" in auth.c is used uninitialized. There's a simple patch attached to fix this. The question is: should the locked account test be done when PAM is enabled or should we rely on PAM to do the right thing? In theory they

Hi All, After finding out my AIX boxes haven't been updating their tinderbox[0] test trees (grr) and fixing that, I found that recent changes caused build errors on AIX 4.3.3 & 5.1. 4.2.1 appears OK. The error is: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I../../openbsd-compat -I../../openbsd-compat/.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H

Hi All. The recent changes to scp caused build failures on Solaris and AIX 4.2 which showed up on the tinderbox[1]. I mentioned the first to djm in email yesterday but I'm posting after finding the second, in case anyone else has seen similar problems. Solaris' nanosleep is in librt (or libposix4 in older versions) which is not linked. Adding them to configure works fine, however ldd

Hi All. There are still build errors for scp on AIX 4.2.1 due to lack of nanosleep (which you can see them live and in colour at [1]). The attached patch fixes this by using the equivalent nsleep function on AIX if it exists and nanosleep doesn't. The patch is mostly the same as the AIX portion of the previous patch for the nanosleep issue, the major difference being that the #define is in

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to

http://www.mindrot.org/~djm/openssh/openssh-newpam-20030123.tar.gz Is a snapshot of the new PAM-via-KbdInt authentication support from FreeBSD's OpenSSH tree. Please test this now. I can only surmise by the silence that has greeted my previous requests for testing that the code works perfectly. -d

The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski <lcamtuf at razor.bindview.com> Contact: Scott Blake <blake at razor.bindview.com> CVE: CAN-2001-0144 Topic: Remotely exploitable vulnerability condition exists in most ssh daemon

There are a couple of noteworthy changes in tonight's snapshot: 1. New UsePAM directive There is a new sshd_config directive, UsePAM for systems built using "configure --with-pam". This allows one to switch off all PAM calls from sshd. This is handy if one builds with PAM but wants to use the sshd's ability to run as a non-root user. Previously this was impossible if one

The Cray and tru64 patches I have, have been applied. Unless there is any major "oh my god it does not work". I believe 3.6 should now be ready for release soon. I'd like to thank everyone for providing feedback on the status of their their platform. Hopefully, we have not missed any platform that is commonly used. - Ben

TB --- 2003-10-02 04:44:07 - starting RELENG_4 tinderbox run for i386/i386 TB --- 2003-10-02 04:44:07 - checking out the source tree TB --- cd /home/des/tinderbox/RELENG_4/i386/i386 TB --- /usr/bin/cvs -f -R -q -d/home/ncvs update -Pd -rRELENG_4 src TB --- 2003-10-02 04:49:12 - building world TB --- cd /home/des/tinderbox/RELENG_4/i386/i386/src TB --- /usr/bin/make -B buildworld >>>

TB --- 2003-07-21 05:27:28 - starting RELENG_4 tinderbox run for i386/pc98 TB --- 2003-07-21 05:27:28 - checking out the source tree TB --- cd /home/des/tinderbox/RELENG_4/i386/pc98 TB --- /usr/bin/cvs -f -R -q -d/home/ncvs update -Pd -rRELENG_4 src TB --- 2003-07-21 05:33:30 - building world TB --- cd /home/des/tinderbox/RELENG_4/i386/pc98/src TB --- /usr/bin/make -B buildworld >>>

TB --- 2003-10-02 04:00:01 - starting RELENG_4 tinderbox run for alpha/alpha TB --- 2003-10-02 04:00:01 - checking out the source tree TB --- cd /home/des/tinderbox/RELENG_4/alpha/alpha TB --- /usr/bin/cvs -f -R -q -d/home/ncvs update -Pd -rRELENG_4 src TB --- 2003-10-02 04:07:38 - building world TB --- cd /home/des/tinderbox/RELENG_4/alpha/alpha/src TB --- /usr/bin/make -B buildworld >>>

TB --- 2013-07-08 08:10:00 - tinderbox 2.10 running on freebsd-legacy2.sentex.ca TB --- 2013-07-08 08:10:00 - FreeBSD freebsd-legacy2.sentex.ca 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 TB --- 2013-07-08 08:10:00 - starting RELENG_8 tinderbox run for none/none TB --- 2013-07-08 08:10:00 -

TB --- 2008-07-29 09:37:14 - tinderbox 2.3 running on freebsd-stable.sentex.ca TB --- 2008-07-29 09:37:14 - starting RELENG_7 tinderbox run for sparc64/sparc64 TB --- 2008-07-29 09:37:14 - cleaning the object tree TB --- 2008-07-29 09:37:32 - cvsupping the source tree TB --- 2008-07-29 09:37:32 - /usr/bin/csup -r 3 -g -L 1 -h localhost -s /tinderbox/RELENG_7/sparc64/sparc64/supfile TB ---

TB --- 2012-12-11 03:57:29 - tinderbox 2.9 running on freebsd-stable.sentex.ca TB --- 2012-12-11 03:57:29 - FreeBSD freebsd-stable.sentex.ca 8.3-STABLE FreeBSD 8.3-STABLE #0: Tue Oct 16 17:37:58 UTC 2012 mdtancsa at freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/server amd64 TB --- 2012-12-11 03:57:29 - starting RELENG_9 tinderbox run for i386/i386 TB --- 2012-12-11 03:57:29 - cleaning the

ssh won't compile on this platform log: gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/usr/local/etc\" -DSSH_PROGRAM=\"/usr/local/bin/ssh\" -DSSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh/ssh-askpass\" -DHAVE_CONFIG_H -c atomicio.c -o atomicio.o In file included from config.h:294, from bsd-misc.h:39, from includes.h:91,