tech-userlevel: PR11150 on login

Subject: PR11150 on login_getclass()
To: None <mjl@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-userlevel
Date: 10/10/2000 22:19:19
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <10833.971183957.1@coconut.itojun.org>
Content-Transfer-Encoding: 7bit

	from changelog, it looks that you have made the change for
	secure_path().  does it sound reasonable?

itojun

------- =_aaaaaaaaaa0
Content-Type: message/rfc822

	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id TAA28347
	for <itojun@itojun.org>; Sat, 7 Oct 2000 19:18:21 +0900 (JST)
	by sh1.iijlab.net (8.9.1+3.1W/3.7W) with ESMTP id TAA09826
	for <itojun@iijlab.net>; Sat, 7 Oct 2000 19:12:06 +0900 (JST)
	by mail.cc.kshosen.ac.jp (8.9.3/3.7W) with SMTP id TAA25619;
	Sat, 7 Oct 2000 19:18:16 +0900 (JST)
Date: Sat, 7 Oct 2000 19:16:22 +0900 (JST)
From: KAMAHARA Junzou <kamahara@cc.kshosen.ac.jp>
Reply-To: KAMAHARA Junzou <kamahara@cc.kshosen.ac.jp>
To: itojun@iijlab.net
cc: gnats-bugs@gnats.netbsd.org, kamahara@cc.kshosen.ac.jp
Subject: Re: pkg/11150: patch-aa for inhibit login_cap spport of openssh2.2.0p1 pkg
In-Reply-To: <3214.970819028@coconut.itojun.org>
Message-ID: <Pine.W95.3.95LJ1.1b3.1001006181433.-766927H-100000@rigel.cc.kshosen.ac.jp>
Sender: kamahara@cc.kshosen.ac.jp
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


On Fri, 6 Oct 2000 itojun@iijlab.net wrote:
> >>Synopsis:       patch-aa for inhibit login_cap spport of openssh2.2.0p1 pkg
> 
> 	not sure.  openssh (sshd) require us to have login.conf, and rejects
> 	login attempt if we don't have one (if login_cap support is enabled).
> 	as we do not ship login.conf, i'm not sure if it is good to require
> 	login.conf for all openssh installation.

 Ok, I found that login_getclass() in libutil do not work well. In this
function there are codes which return "default" class when login.conf
dosen't exists, but as chechking secure_path login_getclass() returns 0.
This behavior is not expected, I thinks.

diff -u --new-file login_cap.c.org login_cap.c
--- login_cap.c.org     Fri Feb 11 21:16:08 2000
+++ login_cap.c Sat Oct  7 18:44:44 2000
@@ -72,7 +72,8 @@

        for (res = 0; classfiles[res]; ++res)
                if (secure_path(classfiles[res]) < 0)
-                       return (0);
+                       if ( errno != ENOENT )
+                               return (0);

        if ((lc = malloc(sizeof(login_cap_t))) == NULL) {
                syslog(LOG_ERR, "%s:%d malloc: %m", __FILE__, __LINE__);

--
KAMAHARA Junzo
                                kamahara@cc.kshosen.ac.jp
 Kobe University of Mercantile Marine,
                        Information Processing Center






------- =_aaaaaaaaaa0--