Package: openssh-server Version: 1:4.1p1-7 Followup-For: Bug #261363
The debian/rules file specifies the CFLAGS only when building with the build-deb-stamp target. If the compile succeeds and the build-deb-stamp is touched compiling again will not have those CFLAGS specified and the PAM service name will default to be argv[0] which causes problems. Another words, apt-get source openssh-server cd openssh-4.1p1 dpkg-buildpackage -nc [ and sshd will use the "ssh" service name ] touch auth-pam.c [ or actually modify it ] dpkg-buildpackage -nc [ and sshd will now use "sshd" if that is what the executable is called. ] It really through me for a loop why my modification caused PAM to ignore the /etc/pam.d/ssh file, I finally figured out that it was looking for /etc/pam.d/sshd and why. I included a patch to the rules file rules.patch to take care of this problem. The CFLAGS are set when configure is run causing configure to include those CFLAGS in all compiles, not just the compiles where CFLAGS is specified. There is one problem with doing it this way. configure fails if -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\"" is included in the CFLAGS when configure runs. I didn't figure out why though that it works for the actual compile, but not for the configure stage. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages openssh-server depends on: ii adduser 3.67 Add and remove users and groups ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy ii dpkg 1.13.11 package maintenance system for Deb ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libpam-modules 0.76-23 Pluggable Authentication Modules f ii libpam-runtime 0.76-23 Runtime support for the PAM librar ii libpam0g 0.76-23 Pluggable Authentication Modules l ii libselinux1 1.24-4 SELinux shared libraries ii libssl0.9.7 0.9.7g-1 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii openssh-client 1:4.1p1-7 Secure shell client, an rlogin/rsh ii zlib1g 1:1.2.3-4 compression library - runtime openssh-server recommends no packages. -- debconf information: ssh/insecure_rshd: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true ssh/encrypted_host_key_but_no_keygen: ssh/disable_cr_auth: false
--- ./ssh_test2/openssh-4.1p1/debian/rules 2005-09-11 19:33:02.000000000 -0500 +++ ./ssh_test6/openssh-4.1p1/debian/rules 2005-09-13 20:23:24.000000000 -0500 @@ -71,7 +71,7 @@ build-deb-stamp: dh_testdir mkdir -p build-deb - cd build-deb && $(FORCE_LIBS) ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper --with-libedit $(SELINUX) + cd build-deb && $(FORCE_LIBS) CFLAGS='$(OPTFLAGS) -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\"' ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper --with-libedit $(SELINUX) ifeq ($(DEB_HOST_ARCH_OS),linux) # Some 2.2 kernels have trouble with setres[ug]id() (bug #239999). @@ -80,7 +80,7 @@ # Debian's /var/log/btmp has inappropriate permissions. perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-deb/config.h - $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='$(OPTFLAGS) -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT -DSSHD_PAM_SERVICE=\"ssh\" -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""' + $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' # Support building on Debian 3.0 (with GNOME 1.4) and later. if [ -f /usr/include/libgnomeui-2.0/gnome.h ]; then \ $(MAKE) -C contrib gnome-ssh-askpass2 CC='gcc $(OPTFLAGS) -g -Wall'; \ @@ -94,13 +94,13 @@ build-udeb-stamp: dh_testdir mkdir -p build-udeb - cd build-udeb && $(FORCE_LIBS) ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --without-xauth --with-default-path=/usr/local/bin:/bin:/usr/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper + cd build-udeb && $(FORCE_LIBS) CFLAGS='-Os -g -Wall' ../configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib/openssh --without-xauth --with-default-path=/usr/local/bin:/bin:/usr/bin --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin --with-4in6 --with-privsep-path=/var/run/sshd --without-rand-helper # Debian's /var/log/btmp has inappropriate permissions. perl -pi -e 's,.*#define USE_BTMP .*,/* #undef USE_BTMP */,' build-udeb/config.h # Avoid libnsl linkage. Ugh. perl -pi -e 's/ +-lnsl//' build-udeb/config.status cd build-udeb && ./config.status - $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-Os -g -Wall -DSSH_EXTRAVERSION="\" $(SSH_EXTRAVERSION)\""' ssh scp sftp sshd ssh-keygen + $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen touch build-udeb-stamp clean: