Displaying 7 results from an estimated 7 matches for "auth_clear_options".
2008 May 26
4
[Bug 1472] New: Authentication options not cleared in privileged process
...rsion: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: cjwatson at debian.org
Created an attachment (id=1509)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1509)
call auth_clear_options in privileged process
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/161047 reports a
problem with forced commands when used with public-key authentication
but expecting password authentication also to work without the forced
command. Briefly, it may be reproduced on a single machine as fo...
2001 Feb 09
1
Bug in auth-options.c
...tion sharing.
Cheers,
Han Holl
--- auth-options.c.orig Fri Feb 9 14:14:51 2001
+++ auth-options.c Fri Feb 9 14:18:43 2001
@@ -57,11 +57,12 @@
auth_parse_options(struct passwd *pw, char *options, unsigned long linenum)
{
const char *cp;
- if (!options)
- return 1;
/* reset options */
auth_clear_options();
+
+ if (!options)
+ return 1;
while (*options && *options != ' ' && *options != '\t') {
cp = "no-port-forwarding";
2002 Jan 24
1
PATCH: krb4/krb5/... names/patterns in auth_keys entries
...file, linenum) == 1) {
- found_key = 1;
- debug("matching key found: file %s, line %lu",
- file, linenum);
- break;
+ if (key_equal(found, key) || key_match(found, key)) {
+ found_key = auth_parse_options(pw, options, file, linenum);
+ if (found_key != 0)
+ break;
+ auth_clear_options();
}
}
restore_uid();
fclose(f);
key_free(found);
- if (!found_key)
+ if (found_key == 0)
debug2("key not found");
+ else if (found_key > 0) {
+ debug("matching key found: file %s, line %lu",
+ file, linenum);
+ auth_set_key_env(key);
+ } else
+ debug(...
2011 Oct 08
3
[PATCH] add log= directive to authorized_hosts
Attached is a patch which adds a log= directive to authorized_keys. The text
in the log="text" directive is appended to the log line, so you can easily
tell which key is matched.
For instance the line:
log="hello world!",no-agent-forwarding,command="/bin/true",no-pty,
no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7"
ssh-rsa AAAAB3Nza....xcgaK9xXoU=
2001 Aug 15
0
[ossh patch] principal name/patterns in authorized_keys2
...ude "key.h"
+
/* Linked list of custom environment strings */
struct envstring {
struct envstring *next;
@@ -37,6 +39,9 @@
int
auth_parse_options(struct passwd *pw, char *options, char *file,
u_long linenum);
+
+void
+auth_set_key_env(Key *k);
/* reset options flags */
void auth_clear_options(void);
Index: 2_9_p2.1/auth-options.c
--- 2_9_p2.1/auth-options.c Thu, 03 May 2001 16:12:13 -0400 jd (OpenSSH/k/22_auth-optio 1.1 644)
+++ 2_9_p2_w_named_keys.2/auth-options.c Tue, 03 Jul 2001 13:57:30 -0400 willian (OpenSSH/k/22_auth-optio 1.1.1.1 644)
@@ -55,8 +55,43 @@
channel_clear_permitted_...
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
.../*
+ * Assume that the comment field contains the real name of
the
+ * person who owns the key.
+ */
+ packet_send_debug("RSA authentication of %s as user %s
accepted.",
+ comment, pw->pw_name);
+ }
else
auth_clear_options();
diff -ru openssh-3.1p1/auth.h openssh-3.1p1-mods/auth.h
- --- openssh-3.1p1/auth.h Thu May 9 12:18:26 2002
+++ openssh-3.1p1-mods/auth.h Thu May 9 12:19:54 2002
@@ -94,7 +94,7 @@
int auth_rhosts_rsa(struct passwd *, const char *, Key *);
int auth_password(Authctxt *, c...
2006 Nov 15
11
OpenSSH Certkey (PKI)
...m();
+
+ if (PRIVSEP(user_cert_key_allowed(authctxt->pw, key))) {
+ packet_start(SSH2_MSG_USERAUTH_PK_OK);
+ packet_put_string(pkalg, alen);
+ packet_put_string(pkblob, blen);
+ packet_send();
+ packet_write_wait();
+ authctxt->postponed = 1;
+ }
+ }
+ if (authenticated != 1)
+ auth_clear_options();
+done:
+ debug2("userauth_certkey: authenticated %d pkalg %s", authenticated, pkalg);
+ if (key != NULL)
+ key_free(key);
+ xfree(pkalg);
+ xfree(pkblob);
+ return authenticated;
+}
+
+/* check whether given key is signed by certificate */
+int
+user_cert_key_allowed(struct passwd *pw...