Mailing List Archive

ANNOUNCE: openssh-1.2.1pre20

openssh-1.2.1pre20 has been released at:

http://violet.ibs.com.au/openssh/files/

This release integrates more of Andre Lucas' portability patch, Ben
Taylor's utmpx patch and some cleanups and bugfixes of my own.

The auth-passwd failures should be fixed, as should lastlog support on
NetBSD.

Since Andre Lucas' patch included platform detection, we should use
it to set appropriate compiler flags. I recall some discussion about
Solaris needing special flags to get openssh to compile. These can now
be set by autoconf (if you tell me what they are).

The PAM support has been slightly cleaned up and I have fixed a small
bug in the authentication (auth_password was not being tried with an
empty password for PAM first). This has necessitated a small change to
the PAM config file.

I am very interested to hear how this release compiles on Solaris,
HPUX and AIX.

ChangeLog:

19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Cleanup of auth-passwd.c for shadow and MD5 passwords
- Cleanup and bugfix of PAM authentication code

19991223
- Merged later HPUX patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Above patch included better utmpx support from Ben Taylor
<bent@clark.net>:

19991222
- Fix undefined fd_set type in ssh.h from Povl H. Pedersen
<pope@netguide.dk>
- Fix login.c breakage on systems which lack ut_host in struct
utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)


Re: ANNOUNCE: openssh-1.2.1pre20
As far as I can tell, user password authentication is still broken
in 1.2.1pre20. This is with Debian 2.1 Linux on both ends, 2.2.13 kernels:

marge.ka9q.ampr.org$ slogin homer
Enter passphrase for RSA key 'karn@ka9q.ampr.org': [deliberately hit return here]
Bad passphrase.
karn@homer.ka9q.ampr.org's password: [enter correct password here]
Permission denied, please try again.
karn@homer.ka9q.ampr.org's password: [enter correct password here]
Permission denied, please try again.
karn@homer.ka9q.ampr.org's password: [enter correct password here]
Permission denied.


--Phil
Re: ANNOUNCE: openssh-1.2.1pre20
A followup observation: the problem I was having with password
authentication goes away if I enable shadow passwords. Perhaps the
sshd password checking routine assumes that shadow passwords are
always on?

Phil
Re: ANNOUNCE: openssh-1.2.1pre20
Here are my patches against pre20 which make utmpx support
work correctly for Solaris.

Fixes:

login.c: fix typo, add code, clean ups for utmpx
bsd-login.c: cleanup case with old_ut is only used when
HAVE_HOST_IN_UTMP is used, as well as move defines
used in only that case
config.h.in: fix for utmpx

Ben
Re: ANNOUNCE: openssh-1.2.1pre20

On Fri, 24 Dec 1999, Ben Taylor wrote:

>
> Here are my patches against pre20 which make utmpx support
> work correctly for Solaris.

Applied. A question before I commit it:

===================================================================
RCS file: /var/cvs/openssh/login.c,v
retrieving revision 1.11
diff -u -r1.11 login.c
- --- login.c 1999/12/24 23:11:29 1.11
+++ login.c 1999/12/25 11:34:14
@@ -152,10 +152,11 @@
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
memset(&utx, 0, sizeof(utx));
strncpy(utx.ut_user, user, sizeof(utx.ut_name));
+ strcpy(utx.ut_id, "sshd");
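Review bot: The added `strcpy(utx.ut_id, "sshd")` copies five bytes (four characters plus the terminating NUL) with no bound. The Linux utmp manpage line quoted later in this thread declares `char ut_id[4]`, and on a field of that size the copy runs one byte past the end. A constant string also gives every session the same id, which matters if the id serves as a lookup key as the follow-ups discuss. A bounded copy sized with `sizeof(utx.ut_id)` and a per-tty value would avoid both problems.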

My docs (utmp.h) indicate that the ut_id field is used to
indicate the id of the process from the inittab. Is it used for
something different on Solaris?

Regards,
Damien

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)


Re: ANNOUNCE: openssh-1.2.1pre20
On Sat, 25 Dec 1999, Damien Miller wrote:

> On Fri, 24 Dec 1999, Ben Taylor wrote:
>
> >
> > Here are my patches against pre20 which make utmpx support
> > work correctly for Solaris.
>
> Applied. A question before I commit it:
>
> ===================================================================
> RCS file: /var/cvs/openssh/login.c,v
> retrieving revision 1.11
> diff -u -r1.11 login.c
> - --- login.c 1999/12/24 23:11:29 1.11
> +++ login.c 1999/12/25 11:34:14
> @@ -152,10 +152,11 @@
> #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
> memset(&utx, 0, sizeof(utx));
> strncpy(utx.ut_user, user, sizeof(utx.ut_name));
> + strcpy(utx.ut_id, "sshd");
>
> My docs (utmp.h) indicate that the ut_id field is used to
> indicate the id of the process from the inittab. Is it used for
> something different on Solaris?

Probably best not to commit it. I think I might have been a bit
overzealous to fill out all the fields in the utmpx structure.

Ben

>
> Regards,
> Damien
>
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: ANNOUNCE: openssh-1.2.1pre20
8< 8<

> >
> > My docs (utmp.h) indicate that the ut_id field is used to
> > indicate the id of the process from the inittab. Is it used for
> > something different on Solaris?
>
> Probably best not to commit it. I think I might have been a bit
> overzealous to fill out all the fields in the utmpx structure.
>

I don't think you were! pututxline() uses the ut_id field as a key into
the utmpx file, so if it's not set I don't see how the system can know
where to put the entry. Maybe some OSs look at the ut_line entry. With
the current code, HPUX puts all the pty entries in the same place...

This is from Linux's utmp manpage:

char ut_id[4]; /* init id or abbrev. ttyname */

I think it only matters about inittab stuff when the ut_type field is
something other than USER_PROCESS or DEAD_PROCESS, the only ones ssh
uses. AFAIK.

-Andre
Re: ANNOUNCE: openssh-1.2.1pre20
On Sun, 26 Dec 1999, Andre Lucas wrote:

> I don't think you were! pututxline() uses the ut_id field as a key
> into the utmpx file, so if it's not set I don't see how the system
> can know where to put the entry. Maybe some OSs look at the ut_line
> entry. With the current code, HPUX puts all the pty entries in the
> same place...

Ok, I am now copying the last couple of characters of the tty path.
This is what Linux's /bin/login does.

Index: login.c
===================================================================
RCS file: /var/cvs/openssh/login.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- login.c 1999/12/25 23:21:48 1.12
+++ login.c 1999/12/27 00:33:56 1.13
@@ -141,6 +141,7 @@
/* Construct an utmp/wtmp entry. */
memset(&u, 0, sizeof(u));
strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
+ strncpy(u.ut_id, ttyname + 8, sizeof(u.ut_id));
u.ut_pid = (pid_t)pid;
u.ut_time = time(NULL);
strncpy(u.ut_name, user, sizeof(u.ut_name));
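Review bot: The added `strncpy(u.ut_id, ttyname + 8, sizeof(u.ut_id))` reads from a fixed offset without checking that `ttyname` is at least eight characters long, so a shorter name makes `ttyname + 8` point past the string's terminator. The offset also yields the trailing characters only for names of one particular shape: a name such as `/dev/ttyp0` gives `p0`, while one such as `/dev/pts/12` would give `/12`. Check `strlen(ttyname)` before indexing, or compute the start from the end of the name. Since `strncpy` leaves the field unterminated when the source fills it, anything reading `ut_id` has to treat it as fixed-width rather than as a C string.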
@@ -153,6 +154,7 @@
memset(&utx, 0, sizeof(utx));
strncpy(utx.ut_user, user, sizeof(utx.ut_name));
strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
+ strncpy(utx.ut_id, ttyname + 8, sizeof(utx.ut_id));
utx.ut_pid = (pid_t)pid;
utx.ut_tv.tv_sec = time(NULL);
utx.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
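Review bot: In the utmpx block the context line `strncpy(utx.ut_user, user, sizeof(utx.ut_name))` bounds the copy with a different member than the one it writes. Unless `ut_name` is an alias for `ut_user` on the platform, the bound is wrong or the line does not compile, so `sizeof(utx.ut_user)` is the safer spelling. The new `utx.ut_id` line repeats the unchecked `ttyname + 8` offset from the utmp hunk and needs the same length check.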


Regards,
Damien

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
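
The thread settles on giving each tty its own `ut_id`, since `pututxline()` uses that field as a key. The following is an added example, not code from OpenSSH or from any poster, showing one way to derive the id from the end of the tty name with bounds checks instead of a fixed offset. `tty_to_ut_id`, `UT_ID_LEN` and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define UT_ID_LEN 4 /* "char ut_id[4]" per the manpage line quoted in the thread */

/*
 * Hypothetical helper: fill a fixed-width ut_id from a tty path using the
 * trailing characters of the device name, so each pty gets a distinct key.
 * The field is NUL-padded but, like other utmp fields, is not guaranteed to
 * be NUL-terminated. Returns the number of id bytes written, -1 on bad input.
 */
int tty_to_ut_id(const char *ttyname, char *id, size_t idlen)
{
    const char *name;
    size_t n;

    if (ttyname == NULL || id == NULL || idlen == 0)
        return -1;

    /* Strip "/dev/" only when it is really there; never index blindly. */
    name = (strncmp(ttyname, "/dev/", 5) == 0) ? ttyname + 5 : ttyname;
    n = strlen(name);
    if (n == 0)
        return -1;

    memset(id, 0, idlen);
    if (n > idlen) {        /* keep only the last idlen characters */
        name += n - idlen;
        n = idlen;
    }
    memcpy(id, name, n);
    return (int)n;
}

int main(void)
{
    /* Constructed sample tty paths, including one shorter than 8 bytes. */
    const char *samples[] = { "/dev/ttyp0", "/dev/pts/12", "/dev/tty", "pts/3" };
    char id[UT_ID_LEN];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = tty_to_ut_id(samples[i], id, sizeof(id));
        printf("%-12s -> \"%.*s\" (%d)\n", samples[i], (int)sizeof(id), id, n);
    }
    return 0;
}
```

Callers that print or compare the result must pass an explicit length, as the `%.*s` in `main` does, because a full-width id has no terminator.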