Re: openssh 4.6p1 bug / IRIX

[Tim Rice <tim@multitalents.net>]

On Sat, 24 Mar 2007, Darren Tucker wrote:

> On Sat, Mar 24, 2007 at 09:19:43AM +0100, g.fischer@ah-online.com wrote:
> > 
> > thanks for the hints.
> > i got it done by hardcoding the solution you mentioned. not nice but worked.
> > 
> > maybe the check for the libiaf should be refined.
> 
> This diff ought to do it (you will need to run "autoreconf" to rebuild
> configure if you try this).  It also prevents libiaf from being linked
> to anything other than sshd, and then only if it's used.
> 
> Hopefully this still works on the platforms that have libiaf (according
> to the survey data, this includes UnixWare 2, 6 and 7).  Tim?
> 
> Index: auth.c
auth.c bits are OK

> Index: configure.ac
Minor correction.
.....
--- openssh/configure.ac.old    2007-03-24 15:23:31.521293001 -0700
+++ openssh/configure.ac        2007-03-25 19:26:00.029084007 -0700
@@ -1978,7 +1978,12 @@
 # Search for SHA256 support in libc and/or OpenSSL
 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
 
-AC_CHECK_LIB(iaf, ia_openinfo)
+saved_LIBS="$LIBS"
+AC_CHECK_LIB(iaf, ia_openinfo, [
+       LIBS="$LIBS -liaf"
+       AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+])
+LIBS="$saved_LIBS"
 
 ### Configure cryptographic random number support
 
.....

> Index: defines.h
defines.h bits are OK

> Index: session.c
session.c bits are OK

For completeness I think we should add these bits.
....
--- openssh/openbsd-compat/port-uw.c.old        2006-09-06 14:33:55.391918000 
-0700
+++ openssh/openbsd-compat/port-uw.c    2007-03-25 18:23:48.758604003 -0700
@@ -79,7 +79,7 @@
 #endif /* UNIXWARE_LONG_PASSWORDS */
                result = (strcmp(xcrypt(password, salt), pw_password) == 0);
 
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
        if (authctxt->valid)
                free(pw_password);
 #endif
@@ -127,7 +127,7 @@
        functions that call shadow_pw() will need to free
  */
 
-#if !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 char *
 get_iaf_password(struct passwd *pw)
 {
@@ -144,6 +144,6 @@
        else
                fatal("ia_openinfo: Unable to open the shadow passwd file");
 }
-#endif /* !BROKEN_LIBIAF */
+#endif /* USE_LIBIAF */
 #endif /* HAVE_LIBIAF */
 
--- openssh/openbsd-compat/port-uw.h.old        2005-08-31 08:48:19.611180000 
-0700
+++ openssh/openbsd-compat/port-uw.h    2007-03-25 18:24:10.148604002 -0700
@@ -24,7 +24,7 @@
 
 #include "includes.h"
 
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
 char * get_iaf_password(struct passwd *pw);
 #endif
 
--- openssh/openbsd-compat/xcrypt.c.old 2006-09-06 14:33:55.971918000 -0700
+++ openssh/openbsd-compat/xcrypt.c     2007-03-25 18:24:25.728604004 -0700
@@ -98,7 +98,7 @@
                pw_password = spw->sp_pwdp;
 # endif
 
-#if defined(HAVE_LIBIAF)  &&  !defined(BROKEN_LIBIAF)
+#ifdef USE_LIBIAF
        return(get_iaf_password(pw));
 #endif
 
....

-- 
Tim Rice                                Multitalents    (707) 887-1469
tim@multitalents.net


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev