Subject: PR11150 on login_getclass()
To: None <mjl@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-userlevel
Date: 10/10/2000 22:19:19
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <10833.971183957.1@coconut.itojun.org>
Content-Transfer-Encoding: 7bit
from changelog, it looks that you have made the change for
secure_path(). does it sound reasonable?
itojun
------- =_aaaaaaaaaa0
Content-Type: message/rfc822
by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id TAA28347
for <itojun@itojun.org>; Sat, 7 Oct 2000 19:18:21 +0900 (JST)
by sh1.iijlab.net (8.9.1+3.1W/3.7W) with ESMTP id TAA09826
for <itojun@iijlab.net>; Sat, 7 Oct 2000 19:12:06 +0900 (JST)
by mail.cc.kshosen.ac.jp (8.9.3/3.7W) with SMTP id TAA25619;
Sat, 7 Oct 2000 19:18:16 +0900 (JST)
Date: Sat, 7 Oct 2000 19:16:22 +0900 (JST)
From: KAMAHARA Junzou <kamahara@cc.kshosen.ac.jp>
Reply-To: KAMAHARA Junzou <kamahara@cc.kshosen.ac.jp>
To: itojun@iijlab.net
cc: gnats-bugs@gnats.netbsd.org, kamahara@cc.kshosen.ac.jp
Subject: Re: pkg/11150: patch-aa for inhibit login_cap spport of openssh2.2.0p1 pkg
In-Reply-To: <3214.970819028@coconut.itojun.org>
Message-ID: <Pine.W95.3.95LJ1.1b3.1001006181433.-766927H-100000@rigel.cc.kshosen.ac.jp>
Sender: kamahara@cc.kshosen.ac.jp
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 6 Oct 2000 itojun@iijlab.net wrote:
> >>Synopsis: patch-aa for inhibit login_cap spport of openssh2.2.0p1 pkg
>
> not sure. openssh (sshd) require us to have login.conf, and rejects
> login attempt if we don't have one (if login_cap support is enabled).
> as we do not ship login.conf, i'm not sure if it is good to require
> login.conf for all openssh installation.
Ok, I found that login_getclass() in libutil do not work well. In this
function there are codes which return "default" class when login.conf
dosen't exists, but as chechking secure_path login_getclass() returns 0.
This behavior is not expected, I thinks.
diff -u --new-file login_cap.c.org login_cap.c
--- login_cap.c.org Fri Feb 11 21:16:08 2000
+++ login_cap.c Sat Oct 7 18:44:44 2000
@@ -72,7 +72,8 @@
for (res = 0; classfiles[res]; ++res)
if (secure_path(classfiles[res]) < 0)
- return (0);
+ if ( errno != ENOENT )
+ return (0);
if ((lc = malloc(sizeof(login_cap_t))) == NULL) {
syslog(LOG_ERR, "%s:%d malloc: %m", __FILE__, __LINE__);
--
KAMAHARA Junzo
kamahara@cc.kshosen.ac.jp
Kobe University of Mercantile Marine,
Information Processing Center
------- =_aaaaaaaaaa0--