|
| From: | Anthony Fitzpatrick |
| Subject: | [Jailkit-users] Jailkit on Solaris 10 |
| Date: | Mon, 22 Jun 2009 15:03:19 +1000 |
Hi... Can anyone help me with a port of jailkit 2.7 on Solaris 10 My config is as per the doco but fails a simple sftp test I tried jk_socketd to obtain a log but it errors with # /usr/sbin/jk_socketd -n version 2.7, while connecting to /dev/log: Bad file number # ll /dev/log lrwxrwxrwx 1 root other 27 Dec 5 2007 /dev/log -> ../devices/pseudo/address@hidden:log Any help would be appreciated. # make clean rm -f core *~ ini/*~ make[1]: Entering directory `/opt/jailkit-2.7/src' rm -f jk_socketd jk_lsh jk_chrootsh jk_chrootlaunch jk_uchroot rm -f *.o rm -f *~ make[1]: Leaving directory `/opt/jailkit-2.7/src' make[1]: Entering directory `/opt/jailkit-2.7/py' rm -f *~ rm -f jk_cp jk_init jk_check jk_addjailuser jk_jailuser jk_list jk_update jk_lib.pyc make[1]: Leaving directory `/opt/jailkit-2.7/py' make[1]: Entering directory `/opt/jailkit-2.7/man' rm -f *.gz rm -f *~ make[1]: Leaving directory `/opt/jailkit-2.7/man' # make make[1]: Entering directory `/opt/jailkit-2.7/src' gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o jk_socketd.o jk_socketd.c jk_socketd.c: In function `main': jk_socketd.c:446: warning: int format, uid_t arg (arg 2) jk_socketd.c:446: warning: int format, gid_t arg (arg 3) jk_socketd.c:465: warning: int format, pid_t arg (arg 4) gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o jk_lib.o jk_lib.c gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o utils.o utils.c gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o iniparser.o iniparser.c gcc -lpthread -liberty -lsocket -lrt -o jk_socketd jk_socketd.o jk_lib.o utils.o iniparser.o gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o jk_lsh.o jk_lsh.c gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o wordexp.o wordexp.c gcc -lpthread -liberty -lsocket -lrt -o jk_lsh jk_lsh.o iniparser.o jk_lib.o utils.o wordexp.o gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o jk_chrootsh.o jk_chrootsh.c gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o passwdparser.o passwdparser.c gcc -lpthread -liberty -lsocket -lrt -o jk_chrootsh jk_chrootsh.o iniparser.o jk_lib.o utils.o passwdparser.o gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o jk_chrootlaunch.o jk_chrootlaunch.c gcc -lpthread -liberty -lsocket -lrt -o jk_chrootlaunch jk_chrootlaunch.o jk_lib.o utils.o gcc -g -O2 -Wall -pipe -DINIPREFIX=\"/etc/jailkit\" -c -o jk_uchroot.o jk_uchroot.c gcc -lpthread -liberty -lsocket -lrt -o jk_uchroot jk_uchroot.o iniparser.o jk_lib.o utils.o make[1]: Leaving directory `/opt/jailkit-2.7/src' make[1]: Entering directory `/opt/jailkit-2.7/py' sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_cp.in > jk_cp sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_init.in > jk_init sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_check.in > jk_check sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_addjailuser.in > jk_addjailuser sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_jailuser.in > jk_jailuser sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_list.in > jk_list sed -e "s!INIPREFIX='/etc/jailkit'!INIPREFIX='/etc/jailkit'!" \ -e "s!LIBDIR='[a-z/]*'!LIBDIR='/usr/share/jailkit'!" \ -e "s:#!/usr/bin/python:#!/usr/sfw/bin/python:" < jk_update.in > jk_update /usr/sfw/bin/python -c "import py_compile;py_compile.compile('jk_lib.py')" make[1]: Leaving directory `/opt/jailkit-2.7/py' make[1]: Entering directory `/opt/jailkit-2.7/man' gzip -9 < jailkit.8 > jailkit.8.gz gzip -9 < jk_chrootsh.8 > jk_chrootsh.8.gz gzip -9 < jk_uchroot.8 > jk_uchroot.8.gz gzip -9 < jk_lsh.8 > jk_lsh.8.gz gzip -9 < jk_socketd.8 > jk_socketd.8.gz gzip -9 < jk_init.8 > jk_init.8.gz gzip -9 < jk_check.8 > jk_check.8.gz gzip -9 < jk_cp.8 > jk_cp.8.gz gzip -9 < jk_chrootlaunch.8 > jk_chrootlaunch.8.gz gzip -9 < jk_addjailuser.8 > jk_addjailuser.8.gz gzip -9 < jk_jailuser.8 > jk_jailuser.8.gz gzip -9 < jk_list.8 > jk_list.8.gz gzip -9 < jk_update.8 > jk_update.8.gz make[1]: Leaving directory `/opt/jailkit-2.7/man' # pwd /opt/jailkit-2.7 # cd src # ls Makefile iniparser.h jk_chrootlaunch.c jk_lib.c jk_lsh.o jk_uchroot passwdparser.o utils.o Makefile.in iniparser.o jk_chrootlaunch.o jk_lib.h jk_procmailwrapper.c jk_uchroot.c passwdparsertester.c wordexp.c config.h iniparsertester.c jk_chrootsh jk_lib.o jk_socketd jk_uchroot.o passwdparsertester.test wordexp.h config.h.in iniparsertester.ini jk_chrootsh.c jk_lsh jk_socketd.c passwdparser.c utils.c wordexp.o iniparser.c jk_chrootlaunch jk_chrootsh.o jk_lsh.c jk_socketd.o passwdparser.h utils.h I set up the Jail as per install instructions : # pwd /home/sftproot/etc/jailkit # cat jk_lsh.ini [testsftp] paths= /usr/lib/ executables=/usr/lib/ssh/sftp-server allow_word_expansion = 0 umask = 002 # # cat /etc/passwd testsftp:x:5511:506:testsftp user :/home/sftproot/home/testsftp:/usr/sbin/jk_chrootsh # sftp -v address@hidden Connecting to localhost... Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /.ssh/id_rsa type 1 debug1: identity file /.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1 debug1: no match: Sun_SSH_1.1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-Sun_SSH_1.1 debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible Unknown code 0 ) debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: Peer sent proposed langtags, ctos: en-AU,en-NZ,i-default debug1: Peer sent proposed langtags, stoc: en-AU,en-NZ,i-default debug1: We proposed langtags, ctos: i-default debug1: We proposed langtags, stoc: i-default debug1: Negotiated lang: i-default debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: Remote: Negotiated main locale: C debug1: Remote: Negotiated messages locale: C debug1: dh_gen_key: priv key bits set: 133/256 debug1: bits set: 1594/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'localhost' is known and matches the RSA host key. debug1: Found key in /.ssh/known_hosts:11 debug1: bits set: 1600/3191 debug1: ssh_rsa_verify: signature correct debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive debug1: Next authentication method: gssapi-keyex debug1: Next authentication method: gssapi-with-mic debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible Unknown code 0 ) debug1: Next authentication method: publickey debug1: Trying public key: /.ssh/id_rsa debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive debug1: Trying private key: /.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password: debug1: Authentication succeeded (keyboard-interactive) debug1: fd 5 setting O_NONBLOCK debug1: channel 0: new [client-session] debug1: send channel open 0 debug1: Entering interactive session. debug1: ssh_session2_setup: id 0 debug1: Sending subsystem: sftp debug1: channel request 0: subsystem debug1: channel 0: open confirm rwindow 0 rmax 32768 debug1: channel 0: rcvd eof debug1: channel 0: output open -> drain debug1: channel 0: obuf empty debug1: channel 0: close_write debug1: channel 0: output drain -> closed debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: rcvd close debug1: channel 0: close_read debug1: channel 0: input open -> closed debug1: channel 0: almost dead debug1: channel 0: gc: notify user debug1: channel 0: gc: user detached debug1: channel 0: send close debug1: channel 0: is dead debug1: channel 0: garbage collecting debug1: channel_free: channel 0: client-session, nchannels 1 debug1: fd 0 clearing O_NONBLOCK debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0 debug1: Exit status 17 Connection closed Trying to start jk_socketd to start logging to syslog # ll /dev/log lrwxrwxrwx 1 root other 27 Dec 5 2007 /dev/log -> ../devices/pseudo/address@hidden:log # /usr/sbin/jk_socketd -n version 2.7, while connecting to /dev/log: Bad file number I see version 2.6 had fixes for Solaris... Is that Solaris 10 or Open Solaris? Regards and in Thanks in advance... Anthony Fitzpatrick ( Australia ) (w) 07 3124 4032 |
| [Prev in Thread] | Current Thread | [Next in Thread] |