Bug#261363: PAM service name only set on first compile
Package: openssh-server
Version: 1:4.1p1-7
Followup-For: Bug #261363
The debian/rules file specifies the CFLAGS only when building with the
build-deb-stamp target. If the compile succeeds and the
build-deb-stamp is touched compiling again will not have those CFLAGS
specified and the PAM service name will default to be argv[0] which
causes problems.
Another words,
apt-get source openssh-server
cd openssh-4.1p1
dpkg-buildpackage -nc
[ and sshd will use the "ssh" service name ]
touch auth-pam.c [ or actually modify it ]
dpkg-buildpackage -nc
[ and sshd will now use "sshd" if that is what the executable is
called. ]
It really through me for a loop why my modification caused PAM to
ignore the /etc/pam.d/ssh file, I finally figured out that it was
looking for /etc/pam.d/sshd and why.
I included a patch to the rules file rules.patch to take care of this
problem. The CFLAGS are set when configure is run causing configure
to include those CFLAGS in all compiles, not just the compiles where
CFLAGS is specified. There is one problem with doing it this way.
configure fails if
-DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""
is included in the CFLAGS when configure runs. I didn't figure out
why though that it works for the actual compile, but not for the
configure stage.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages openssh-server depends on:
ii adduser 3.67 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
ii dpkg 1.13.11 package maintenance system for Deb
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libpam-modules 0.76-23 Pluggable Authentication Modules f
ii libpam-runtime 0.76-23 Runtime support for the PAM librar
ii libpam0g 0.76-23 Pluggable Authentication Modules l
ii libselinux1 1.24-4 SELinux shared libraries
ii libssl0.9.7 0.9.7g-1 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.1p1-7 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-4 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
--- ./ssh_test2/openssh-4.1p1/debian/rules 2005-09-11 19:33:02.000000000 -0500
+++ ./ssh_test6/openssh-4.1p1/debian/rules 2005-09-13 20:23:24.000000000 -0500
@@ -71,7 +71,7 @@
build-deb-stamp:
dh_testdir
mkdir -p build-deb
- cd build-deb && $(FORCE_LIBS) ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper --with-libedit $(SELINUX)
+ cd build-deb && $(FORCE_LIBS) CFLAGS='$(OPTFLAGS) -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\"' ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper --with-libedit $(SELINUX)
ifeq ($(DEB_HOST_ARCH_OS),linux)
# Some 2.2 kernels have trouble with setres[ug]id() (bug #239999).
@@ -80,7 +80,7 @@
# Debian's /var/log/btmp has inappropriate permissions.
perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h
- $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='$(OPTFLAGS) -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\" -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""'
+ $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
# Support building on Debian 3.0 (with GNOME 1.4) and later.
if [ -f /usr/include/libgnomeui-2.0/gnome.h ]; then \
$(MAKE) -C contrib gnome-ssh-askpass2 CC='gcc $(OPTFLAGS) -g -Wall'; \
@@ -94,13 +94,13 @@
build-udeb-stamp:
dh_testdir
mkdir -p build-udeb
- cd build-udeb && $(FORCE_LIBS) ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --without-xauth --with-default-path=/usr/local/bin:/bin:/usr/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper
+ cd build-udeb && $(FORCE_LIBS) CFLAGS='-Os -g -Wall' ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --without-xauth --with-default-path=/usr/local/bin:/bin:/usr/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper
# Debian's /var/log/btmp has inappropriate permissions.
perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h
# Avoid libnsl linkage. Ugh.
perl -pi -e 's/ +-lnsl//' build-udeb/config.status
cd build-udeb && ./config.status
- $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""' ssh scp sftp sshd ssh-keygen
+ $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
touch build-udeb-stamp
clean:
Reply to: