search for: pmonitor

...nt, Buffer *); #endif +static int monitor_read_log(struct monitor *); + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -346,6 +357,10 @@ monitor_child_preauth(Authctxt *_authctx debug3("preauth child monitor started"); + close(pmonitor->m_recvfd); + close(pmonitor->m_log_sendfd); + pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; + authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); @@ -405,6 +420,10 @@ monitor_child_preauth(Authctxt *_authctx #endif } + /* Drain any buffered messages from the ch...

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...nt)pw->pw_gid); do_setusercontext(pw); @@ -561,6 +556,7 @@ static Authctxt* privsep_preauth(void) { + char emptydir[] = "/var/tmp/sshd.XXXXXXXXXX"; Authctxt *authctxt = NULL; int status; pid_t pid; @@ -570,12 +566,31 @@ /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + /* + * We create a safe environment for the child by creating an empty + * directory into which the child chroots, and the parent prevents + * others from fooling around with it by removing the directory. We do + * it this way because the child can't remove it...

...he logs if sshd reported the change of pid with LogLevel set to verbose instead of debug2. Is it possible to have it changed? Regards Claes Leufv?n Here is a patch for it: --- sshd.c_orig 2005-11-21 10:51:08.000000000 +0100 +++ sshd.c 2005-11-21 10:51:11.000000000 +0100 @@ -652,7 +652,7 @@ if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %ld", (long)pmonitor->m_pid); + verbose("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd);...

...ssible to change this or would it violate the privacy of the users? Regards Claes Leufv?n Here is a patch for the latest(20051208) snapshot of OpenSSH portable: --- sshd.c-orig 2005-12-08 14:35:03.000000000 +0100 +++ sshd.c 2005-12-08 14:35:11.000000000 +0100 @@ -651,7 +651,7 @@ if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %ld", (long)pmonitor->m_pid); + verbose("User child is on pid %ld", (long)pmonitor-&gt...

Hello, The below patch fixes a memory leak I noticed in monitor_read_load() when the child's log pipe is closed. Thanks, Zev Weiss -- diff --git a/monitor.c b/monitor.c index a166fed..6464eec 100644 --- a/monitor.c +++ b/monitor.c @@ -510,6 +510,7 @@ monitor_read_log(struct monitor *pmonitor) debug("%s: child log fd closed", __func__); close(pmonitor->m_log_recvfd); pmonitor->m_log_recvfd = -1; + buffer_free(&logmsg); return -1; } fatal("%s: log fd read: %s", __func__, strerror(errno));

...t 2424 --> https://bugzilla.mindrot.org/attachment.cgi?id=2424&action=edit possible fix. sshd crashes with the core dump when used in high scale environment. The program crashes inside the function "cleanup_exit" at line if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) It is always assumed here that pmonitor is always not NULL. However pmonitor can be null, in the execution sequence below: #0 0x0804e214 in cleanup_exit (i=255) at ../../../../../../src/crypto/openssh/sshd.c:2415 #1 0x080ae7bf in fatal (fmt=0x80b8ea6 "%s: socketpair: %s&...

...case sClientAliveInterval: * monitor_wrap.c:720:dead_error_line ? Execution cannot reach this statement "close(tmp2);".o --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -714,10 +714,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || (tmp2 = dup(pmonitor->m_recvfd)) == -1) { error("%s: cannot allocate fds for pty", __func__); - if (tmp1 > 0) + if (tmp1 > -1) close(tmp1); - if (tmp2 > 0) -...

...10. Following a discussion on capsicum-mailing: https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2013-August/msg00000.html I took pjd@ and des@ patches for the older openssh in freebsd-base, and started working on implementing it on openssh-current. The only change I made is use extern for pmonitor. The patch works fine when I try to use connect() in the child process as it fails, as connect() isn't listed in capabilities.conf. It's still a WiP as capsicum is still a moving target. Feedback appreciated. -- You are receiving this mail because: You are watching the assignee of the...

...6.000000000 +0100 +++ openssh-4.2p1/sshd.c 2006-01-07 18:12:40.000000000 +0000 @@ -200,9 +200,11 @@ u_int utmp_len = MAXHOSTNAMELEN; int *startup_pipes = NULL; int startup_pipe; /* in child */ +#ifdef USE_PRIVSEP /* variables used for privilege separation */ int use_privsep; struct monitor *pmonitor = NULL; +#endif /* global authentication context */ Authctxt *the_authctxt = NULL; @@ -308,9 +310,10 @@ grace_alarm_handler(int sig) { /* XXX no idea how fix this signal handler */ +#ifdef USE_PRIVSEP if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) ki...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

...m, + child_state.ivout = buffer_get_binary(&m, &child_state.ivoutlen); - child_state.ivin = buffer_get_string(&m, &child_state.ivinlen); + child_state.ivin = buffer_get_binary(&m, &child_state.ivinlen); goto skip; } else { /* Get the Kex for rekeying */ *pmonitor->m_pkex = mm_get_kex(&m); } - blob = buffer_get_string(&m, &bloblen); + blob = buffer_get_binary(&m, &bloblen); current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); xfree(blob); debug3("%s: Waiting for second key", __func__); - blob = buffer_get...

http://bugzilla.mindrot.org/show_bug.cgi?id=585 ------- Additional Comments From dtucker at zip.com.au 2003-07-07 00:32 ------- dmalloc (http://dmalloc.com/) claims to work on IRIX. It's likely to increase the CPU and memory load, though. I've built with dmalloc on Linux thusly: LDFLAGS=-ldmalloc ./configure && make eval `dmalloc -l /path/to/log high` ./sshd [options]

...sword (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270 #1 0x274d8 in auth_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-passwd.c:140 #2 0x380fc in mm_answer_authpassword (socket=9, m=0xffbeef28) at monitor.c:608 #3 0x376c4 in monitor_read (pmonitor=0x8bec0, ent=0x84150, pent=0xffbeefbc) at monitor.c:371 #4 0x37244 in monitor_child_preauth (pmonitor=0x8bec0) at monitor.c:280 #5 0x1aaac in privsep_preauth () at sshd.c:603 #6 0x1d45c in main (ac=3, av=0xffbefaac) at sshd.c:1497 At first, I simply tried to add the stock Kerberos prompter to...

...e "roaming.h" +#include "sandbox.h" #include "version.h" #ifdef LIBWRAP @@ -624,18 +625,23 @@ privsep_preauth(Authctxt *authctxt) { int status; pid_t pid; + struct ssh_sandbox *box = NULL; /* Set up unprivileged child process to deal with network data */ pmonitor = monitor_init(); /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + if (use_privsep == PRIVSEP_SANDBOX) + box = ssh_sandbox_init(); pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) {...

...al, then calls + * chauthtok() + * + * This MUST be called before the session has acquired its controlling + * tty or the chauthtok child will not be able to acquire it and + * will fail. + */ + +void +mm_do_pam_chauthtok(void) +{ + int result; + Buffer m; + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_CHAUTHTOK, &m); + mm_send_fd(pmonitor->m_recvfd, STDIN_FILENO); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_CHAUTHTOK, &m); + + buffer_free(&m); +} #endif /* USE_PAM */ /* Request process termination */ Index: monitor_wrap.h ==...

..., 0x1002be58] 7 mm_record_login(s = 0x1014a1f8, pw = 0x1015dbb8) ["/usr/local/src/security/openssh-3.6.1p1/monitor.c":1030, 0x10042c24] 8 mm_answer_pty(socket = 6, m = 0x7fff25a0) ["/usr/local/src/security/openssh-3.6.1p1/monitor.c":1080, 0x10042ecc] 9 monitor_read(pmonitor = 0x10152650, ent = 0x10137750, pent = (nil)) ["/usr/local/src/security/openssh-3.6.1p1/monitor.c":371, 0x10040ef4] 10 monitor_child_postauth(pmonitor = 0x10152650) ["/usr/local/src/security/openssh-3.6.1p1/monitor.c":334, 0x10040d4c] 11 privsep_postauth(authctxt = 0x1...

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...c8 in read () #9 0x0002b5ec in atomicio (f=0x90013bc0 <read>, fd=6, _s=0xbfffef60, n=4) at /tmp/OpenSSH.roots/OpenSSH/openssh/atomicio.c:45 #10 0x00020744 in mm_request_receive (socket=6, m=0xbfffefc0) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor_wrap.c:110 #11 0x0001c290 in monitor_read (pmonitor=0x403540, ent=0x633c4, pent=0xbffff030) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor.c:446 #12 0x0001bda8 in monitor_child_preauth (_authctxt=0x4034e0, pmonitor=0x403540) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor.c:343 #13 0x000039dc in privsep_preauth (authctxt=0x4034e0) at /tmp/OpenSSH.ro...

...27 Jun 2002 00:23:03 -0000 1.13 +++ monitor_wrap.c 2 Jul 2002 02:19:36 -0000 @@ -830,6 +830,85 @@ return ((authok == 0) ? -1 : 0); } +void * +mm_sshpam_init_ctx(struct Authctxt *authctxt) +{ + Buffer m; + + debug3("%s: entering", __func__); + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + + return (authctxt); +} + +int +mm_sshpam_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + int res; + char *challenge; + + debug3("%s: entering", __func__); + + buffer...