search for: allowed_us

...signed to an entity of type "char *". while ((cp = getusershell()) != NULL) ^ 1 error detected in the compilation of "auth.c". *** openssh_cvs/auth.c- Sun Mar 18 12:52:30 2001 --- openssh_cvs/auth.c Sun Mar 18 13:32:20 2001 *************** *** 57,63 **** allowed_user(struct passwd * pw) { struct stat st; ! char *shell, *cp; int i; #ifdef WITH_AIXAUTHENTICATE char *loginmsg; --- 57,63 ---- allowed_user(struct passwd * pw) { struct stat st; ! char *shell, *cp, *getusershell(); int i; #ifdef WITH_AIXAUTHENTICATE char *loginmsg; --...

I can't get workaround for Fallout mouse problem working as mentioned on: http://bugs.winehq.org/show_bug.cgi?id=6033 I created a key at [HKEY_CURRENT_USER\Software\Wine\DirectInput] named MouseWarpOverride with the value 'disable' This had no effect. Can anyone give me any ideas as to what I may need to do?

....2.0-p1. It basically worked, except that users other than root were not allowed to login. My system is a Linux-2.4.0-test7 with glibc-2.1.3. No PAM is installed/used. It uses MD5 passwords and shadow with account expiration feature. In handling of the latter, a probable bug was found. In auth.c, allowed_user(), there is a code at the line 73, saying ... /* Check password expiry */ if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) && (days > (spw->sp_lstchg + spw->sp_inact))) return 0; } ... In my opinion, this is wrong. sp_inact tells how long the accou...

...ns passwd if that date is getting close. How are other people dealing with this? Is anyone working on integrating password changing into openssh? Is doing so even desired, since it's fairly trivial to implement outside of openssh? On a related note, there was a change some time ago which made allowed_user reject users whose password has been set to "force change" with passwd -f (or equivalent). (Specifically, the check for sp_lstchg was set to >= 0 rather than > 0). The result is that there's no way to force a user to change his password on next login, because doing so makes hi...

...ex: auth.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.75 diff -u -p -r1.75 auth.c --- auth.c 25 Aug 2003 01:51:19 -0000 1.75 +++ auth.c 25 Aug 2003 13:56:25 -0000 @@ -73,7 +73,7 @@ int allowed_user(struct passwd * pw) { struct stat st; - const char *hostname = NULL, *ipaddr = NULL, *passwd; + const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; char *shell; int i; #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) @@ -85,8 +85,7 @@ allowed_user(struct passwd * pw...

As the title mentions, full screen mode does not work with Diablo 2 while using Glide Wrapper, but it does "work" for Direct3D (it's incredibly choppy/laggy though). Another problem: In window mode, it runs very smoothly, but if I happen to click outside of the window, Wine freezes and I have to terminate the program. I'm running Ubuntu 8.04 and using the latest wine

...ed /etc/passwd (and /etc/shadow) and our NIS server distributes non-shadowed password of general users. We have to use getspnam(3) for shadowed local users' ( for example, "root") entries and getpwnam(3) for non-shadowed users' entries. Otherwise, the function "allowed_user" in auth.c of openssh-2.1.1p2 has the following lines: 59 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \ 60 defined(HAS_SHADOW_EXPIRE) 61 struct spwd *spw; 62 63 /* Shouldn't be called if pw is NULL, but better safe than sorry */ 64...

I'm looking at the password aging and account lock checks in auth.c:allowed_user(), and specifically their behaviour on HP-UX. First, should this code be ifdef'd away if we're using PAM? Next: /* Check account expiry */ if ((spw->sp_expire > 0) && (days > spw->sp_expire)) return 0; If I lock an account by entering too many incorrect pass...

...rify that the user is a valid user. */ +#ifdef HAVE_BSD_AUTH_H + /* we may have an auth type in the user name we need to strip */ + { + char *p; + bsduser = xstrdup(user); + if ((p = strchr(user, ':')) != NULL) + *p = '\0'; + } +#endif pw = getpwnam(user); if (pw && allowed_user(pw)) { /* Take a copy of the returned structure. */ @@ -460,7 +482,9 @@ (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { -#else /* !HAVE_OSF_SIA && !USE_PAM */ +#elif defined(HAVE...

Hi Damien, I noticed you merged a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd =

The following aix patch to configure.in forces /usr/include to be searched before /usr/local/include on AIX systems only. This allows the normal include rules to untangle <login.h> from "login.h" on AIX when using the AIX cc compiler or gcc. Please see that it gets applied to the current cvs source tree. It fixes the only compile time error the current cvs tree has on aix with

...yone happy? This does the follow. it will always honor AllowUsers. If there is no Allow/DenyGroups it stated they are not in allowUsers. IF there are AllowDenyGroups it tries them. And then stated they are not in either AllowUsers nor AllowGroups since PErmitRootLogin is not handled in auth.c:allowed_users() I will not try to add that logic. I still believe it should be true. Diff against -ccurent BSD tree. - Ben Index: auth.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.c,v retrieving revision 1.46 diff -u -r1.46 auth.c --- auth.c 4 N...

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...y that the user is a valid user. */ + #ifdef HAVE_BSD_AUTH + /* we may have an auth type in the user name we need to strip */ + { + char *p; + bsduser = xstrdup(user); + if ((p = strchr(user, ':')) != NULL) + *p = '\0'; + } + #endif pw = getpwnam(user); if (!pw || !allowed_user(pw)) do_fake_authloop1(user); *************** *** 482,487 **** --- 500,508 ---- pwcopy.pw_gid = pw->pw_gid; pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); + #if defined(BSD) && BSD >= 199506 + pwcopy.pw_class = xstrdup(pw->pw_cla...

...rs automatically when they have been authorized by the pam_smb_auth. Problem is that sshd checks if the user exists in passwd before going to pam for authorization. I made a very nasty hack to sshd that changed the behaviour so that the pw-struct got some defaults instead of pw from getpwnam() if allowed_user() returns false. However, I would rather use a real version of sshd, so I suggest there be some changes made to allow for better PAM-usage. For that, the (or a) call to getpwnam() must be run AFTER pam has checked authorization and account (my pam_useradd is an account module). First, pw is se...

The Linux/Unix-port of OpenSSH-1.2.3 in sshd.c:allowed_user() denies Login to users with an empty shell-field in /etc/passwd. According to the docs this is wrong and an empty shell-field should default to /bin/sh. I'm sure that this is what was intended, because code and comment get it right in sshd.c:do_child(): * Get the shell from the pa...

I was encountering a strange message about "faked authloop for illegal user". It turned out the allowed_user function was disallowing passwd entries with a blank shell field, which is supposed to be equivalent to "/bin/sh". This patch is based on OpenSSH 1.2.3, and I have tested it on Slackware 7.0. --- sshd.old Wed Apr 12 23:47:04 2000 +++ sshd.c Thu Apr 13 00:35:54 2000 @@ -1121,6 +1121,7...

...l/include -I/gnu/include -I. -I./openbsd-compat -I. -DETCDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/gnu/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/gnu/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/gnu/libexec/sftp-server\" -DHAVE_CONFIG_H -c auth.c auth.c: In function `allowed_user': auth.c:145: warning: implicit declaration of function `loginrestrictions' auth.c:145: `S_RLOGIN' undeclared (first use in this function) auth.c:145: (Each undeclared identifier is reported only once auth.c:145: for each function it appears in.) gmake: *** [auth.o] Error 1 S_RLOGIN...

Apologies if this issue has already been addressed. But it isn't plain, even using sshd -d -d -d, why function allowed_user would return 0. In my case, an old version of login was ignoring the expiry-date field of /etc/shadow, but sshd was refusing access. There are several reasons why access might be refused, and it shouldn't be necessary to modify auth.c to print out the info - it would be nicer to have debug...

...but I was under the impression that there are pam API calls you should be making for account verification, in PARALLEL to getpwnam(), rather than being gated by getpwnam() Or instead, maybe you should have start_pam fill out a limited set of (struct passwd) info, if getpwnam failed [and then call allowed_user() AFTER this] I'm trying to use a PAM module to integrate with OpenLDAP. I want to have user account info present on only the LDAP server, not in the regular password info. And ONLY for sshd. So a plain call to getpwnam will fail. Yes, I realize that this will break other UNIX apps expecti...