From leon@hermes.si Tue May 7 16:19:54 1996
Message-Id: <199605071317.PAA00746@graybox.hermes.si>
X-Mailer: exmh version 1.6 4/21/95
X-Organization: HERMES SoftLab, Litijska 51, 61000 Ljubljana, Slovenia
X-Phone: +386 61 1865 239
From: Leon Mlakar
To: ylo@ssh.fi
Cc: Iztok.Umek@snet.fri.uni-lj.si
Subject: SSH on HP-UX 10.0 Secure System
Date: Tue, 07 May 1996 15:16:59 +0200
Reply-To: Leon Mlakar
Content-Type: application/pgp; format=mime; x-action=signclear; x-originator=C8F243E1
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0

-----BEGIN PGP SIGNED MESSAGE-----

content-type: text/plain; charset=us-ascii

Tatu,

I have modified SSH 1.2.13 to run on HP-UX 10.0 when
configured as secure system. HP-UX then uses a secure account database, which is basically a SecureWare library (see www.secureware.com) with little adaptations for HP-UX. I don't have other secureware systems around hence the patch is HP-UX specific.

Admittedly, it is a half-hearted job with a "rude" modification of auth-passwd.c. Nevertheless, it figures out whether the system is configured as secure system or not - hence you can run it on "normal" HP-UX 10.0 systems as well. The behavior is then the same as with non-patched version.

On secure systems it does:

o extract the encrypted password from the secure database
o prevent login by any authentication method if the administrator has locked the account
o records a successful interactive login by any authentication method and records an unsuccessful login when password authentication fails
o updates unsuccessful login counter at failed password authentication
o resets unsuccessful login counter upon any successful authentication
o upon interactive login displays the last login messages for successful and unsuccessful attempts - the difference against standard login is that the times are displayed in local timezone and not GMT
o denies the password authentication if:
  - password is not set (on these systems the account, when created, receives a password validation number, which at the first login lets the user modify the password)
  - too many unsuccessful logins (passwd authentications) have been encountered. The limit is set by admin
  - the password is not correct (obviously ;-)
o the login terminal device for ssh logins for the last login record is marked as ssh@pts/0.

It does not:

o support password setting for the new accounts (through password validation number)
o check the permitted login hours for users
o check the password expiration or too long interval between two successive logins
o check the user access lists per terminal
o check the login hours per terminal
o ...
  support other fancy security features as I don't even know all of them

I have used two new defines: -DHPUX_10=1 to bring in HP specific header files and -DSECUREWARE=1 for the rest of the code. It is also necessary to add -lsec into the LIBS variable. I have updated configure script to reflect the change but did not modify configure.in.

It is unlikely that I'll spend more time on enhancing the integration with SecureWare features. If you think the patch is good enough to be distributed around please feel free to do so. Apart from appending it at the end I will make it available from ftp.hermes.si in /pub/ssh.

BTW, the configuration I use is:

configure --prefix=/opt/ssh --with-etcdir=/etc/opt/ssh

I compile the stuff with HP ANSI C compiler. I have tested the secure system on HP-UX 10.10 and normal system on HP-UX 10.01.

Regards,
Leon

#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.1).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Made on 1996-05-07 15:05 MET DST by .
# Source directory was `/home/leon/src'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode       name
# ------ ---------- ------------------------------------------
#   3998 -rw-r--r-- ssh-1.2.13-hpux10-secureware.patch.gz
#
touch -am 1231235999 $$.touch >/dev/null 2>&1
if test ! -f 1231235999 && test -f $$.touch; then
  shar_touch=touch
else
  shar_touch=:
  echo
  echo 'WARNING: not restoring timestamps. Consider getting and'
  echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
rm -f 1231235999 $$.touch
#
# ============= ssh-1.2.13-hpux10-secureware.patch.gz ==============
if test -f 'ssh-1.2.13-hpux10-secureware.patch.gz' && test X"$1" != X"-c"; then
  echo 'x - skipping ssh-1.2.13-hpux10-secureware.patch.gz (file already exists)'
else
  echo 'x - extracting ssh-1.2.13-hpux10-secureware.patch.gz (binary)'
  sed 's/^X//' << 'SHAR_EOF' | uudecode &&
begin 600 ssh-1.2.13-hpux10-secureware.patch.gz
end
SHAR_EOF
  $shar_touch -am 0507145996 'ssh-1.2.13-hpux10-secureware.patch.gz' &&
  chmod 0644 'ssh-1.2.13-hpux10-secureware.patch.gz' ||
  echo 'restore of ssh-1.2.13-hpux10-secureware.patch.gz failed'
  shar_count="`wc -c < 'ssh-1.2.13-hpux10-secureware.patch.gz'`"
  test 3998 -eq "$shar_count" ||
    echo "ssh-1.2.13-hpux10-secureware.patch.gz: original size 3998, current size $shar_count"
fi
exit 0

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBMY9NR5Ztei7I8kPhAQG+IQP/ba3PgwUsEYWW20Nahs+PqQm9HytlNJbY
MBb/Iqrm8JdDHGLfxVxd3s8ab3PiUKhF2xUfXd6yAHed75NCTRm+Qm+a6mLfV2QX
f+nPVmpBVbzl84b3qJDwZzaFWaoekIqgcxkXb+Ed/IsKZdeBil1uy+QaOMsgmH8v
BlH1vhG6XIo=
=ItP1
-----END PGP SIGNATURE-----