search for: auth_get_us

...ed this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global variable x_authctxt (which seems to be sort of a hack), because it's easy to provide the authctxt information in all places where auth_get_user() is currently called. In addition, server_loop() would be changed to accept a struct passwd * and build a fake authctxt for it, to be compatible with the v2 code path. Thoughts? -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart htt...

...- buffer_free(&buffer); - return file; -} - char * authorized_keys_file(struct passwd *pw) { diff -ur openssh-3.0.2p1/auth.h openssh-3.0.2p1I/auth.h --- openssh-3.0.2p1/auth.h Tue Jul 3 22:46:57 2001 +++ openssh-3.0.2p1I/auth.h Sun Jan 27 12:05:14 2002 @@ -138,7 +138,6 @@ struct passwd * auth_get_user(void); -char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff -ur openssh-3.0.2p1/ssh.c openssh-3.0.2p1I/ssh.c --- openssh-3.0.2p1/ssh.c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Ja...

...- buffer_free(&buffer); - return file; -} - char * authorized_keys_file(struct passwd *pw) { diff -ur openssh-3.0.2p1/auth.h openssh-3.0.2p1I/auth.h --- openssh-3.0.2p1/auth.h Tue Jul 3 22:46:57 2001 +++ openssh-3.0.2p1I/auth.h Sun Jan 27 12:05:14 2002 @@ -138,7 +138,6 @@ struct passwd * auth_get_user(void); -char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff -ur openssh-3.0.2p1/ssh.c openssh-3.0.2p1I/ssh.c --- openssh-3.0.2p1/ssh.c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Ja...

...F 491D A8D7 64D8 -------------- next part -------------- diff -ru openssh-2.3.0p1.orig/auth.h openssh-2.3.0p1/auth.h --- openssh-2.3.0p1.orig/auth.h Thu Nov 30 08:59:39 2000 +++ openssh-2.3.0p1/auth.h Thu Nov 30 10:32:54 2000 @@ -45,8 +45,8 @@ int allowed_user(struct passwd * pw); struct passwd * auth_get_user(void); -#define AUTH_FAIL_MAX 6 -#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) +#define AUTH_FAIL_MAX 5 +#define AUTH_FAIL_LOG AUTH_FAIL_MAX #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" #endif diff -ru openssh-2.3.0p1.orig/auth2.c openssh-2.3.0p1/auth2.c --- opens...

...sfile or userfile */ Index: auth.h =================================================================== RCS file: /cvs/openssh/auth.h,v retrieving revision 1.27 diff -u -r1.27 auth.h --- auth.h 22 Jan 2002 12:11:02 -0000 1.27 +++ auth.h 23 Jan 2002 11:11:28 -0000 @@ -139,8 +139,7 @@ struct passwd * auth_get_user(void); char *expand_filename(const char *, struct passwd *); -char *authorized_keys_file(struct passwd *); -char *authorized_keys_file2(struct passwd *); +char *authorized_keys_file(struct passwd *, int n); int secure_filename(FILE *, const char *, struct passwd *, char *, size_t); Index:...

...cp); - else - strlcpy(file, cp, MAXPATHLEN); - - buffer_free(&buffer); - return file; -} - char * authorized_keys_file(struct passwd *pw) { diff -ru ssh/auth.h sshJ/auth.h --- ssh/auth.h Thu Sep 26 05:38:43 2002 +++ sshJ/auth.h Sat Jan 18 16:20:41 2003 @@ -159,7 +159,6 @@ struct passwd * auth_get_user(void); -char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff -ru ssh/ssh-keygen/Makefile sshJ/ssh-keygen/Makefile --- ssh/ssh-keygen/Makefile Wed Jun 27 13:29:16 2001 +++ sshJ/ssh-keygen/Makefil...

...1.1.1.2 +++ auth-pam.c 29 Jan 2003 20:39:19 -0000 1.2 @@ -358,7 +360,7 @@ no_port_forwarding_flag &= ~2; no_agent_forwarding_flag &= ~2; no_x11_forwarding_flag &= ~2; - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + if (!auth_restricted(RESTRICT_TCP, auth_get_user())) channel_permit_all_opens(); #endif } --- auth.c 28 Jan 2003 18:06:51 -0000 1.1.1.2 +++ auth.c 29 Jan 2003 21:26:11 -0000 1.4 @@ -291,6 +293,31 @@ return 0; } +/* + * Is the user subject to this restriction? + */ +int +auth_restricted(int restriction, struct passwd *pw) +{ + debug2...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in