search for: auth_proto

...ards that are established, ideally with a username and remote display information, but whatever I can get, I'll take. Any help would be great. session.c: packet_check_eom(); success = session_setup_x11fwd(s); if (!success) { xfree(s->auth_proto); xfree(s->auth_data); s->auth_proto = NULL; s->auth_data = NULL; } else { verbose("jblaine testing : w00t? : %s", s->auth_display); }

...c,v retrieving revision 1.156 diff -u -r1.156 session.c --- session.c 2001/11/13 12:46:19 1.156 +++ session.c 2001/12/05 20:52:38 @@ -108,8 +108,10 @@ int row, col, xpixel, ypixel; char tty[TTYSZ]; /* X11 */ + int display_number; char *display; int screen; + char *auth_display[2]; char *auth_proto; char *auth_data; int single_connection; @@ -1415,32 +1417,28 @@ _PATH_SSH_SYSTEM_RC); } else if (do_xauth && options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ - char *screen = strchr(s->display, ':'); - if (debug_...

...RAY */ #ifdef _AIX if ((cp = getenv("AUTHSTATE")) != NULL) @@ -1392,11 +1419,13 @@ "%.100s %.100s %.100s\n", options.xauth_location, s->auth_display[0], s->auth_proto, s->auth_data); +#ifndef _CRAY if (s->auth_display[1]) fprintf(stderr, "add %.100s %.100s %.100s\n", s->auth_display[1],...

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

...t; num_socks; n++) { sock = socks[n]; *** session.c.orig Sun Feb 18 20:13:34 2001 --- session.c Wed Feb 21 11:39:06 2001 *************** *** 1361,1366 **** --- 1361,1369 ---- "Running %.100s add %.100s %.100s %.100s\n", options.xauth_location, display, auth_proto, auth_data); + #if 0 + /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket. + * <appro at fy.chalmers.se> */ #ifndef HAVE_CYGWIN /* Unix sockets are not supported */ if (screen != NULL) fprintf(stderr, *************** *** 1368,1373 **** --- 1371...

...o struct Session {int used, int self, pointer to struct passwd {..} pw, pointer to struct Authctxt {..} authctxt, int pid, pointer to char term, int ptyfd, int ttyfd, int ptymaster, int row, int col, int xpixel, int ypixel, array[64] of char tty, pointer to char display, int screen, pointer to char auth_proto, pointer to char auth_data, int single_connection, int chanid, int is_subsystem}) returning void previous: function() returning int : "session.c", line 581 cc: acomp failed for session.c *** Error code 2 make: Fatal error: Command failed for target `session.o' To correct a c...

...0s", strerror(errno)); return NULL; } else { debug("Socket family %d not supported [X11 disp create]", ai->ai_family); continue; } } session.c, do_child, line 1219: } else if (options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { char *screen = strchr(display, ':'); The problem seems to be that the socket() function not returning EINVAL (as the man page suggests), but is instead returning EAFNOSUPPORT. This change was made recently... http://www.uwsg.iu.edu/hypermail/linu...

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

...nsider integrating this into the OpenSSH code. Thanks. -Alok diff -w -c openssh-2.9p2/session.c modified/session.c *** 1950,1955 **** --- 1565,1590 ---- void session_close(Session *s) { + char cmd[1024]; + FILE *f = NULL; + int xauth_present = s->auth_proto != NULL && s->auth_data != NULL; + + memset(cmd, 0, sizeof (cmd)); + + if (xauth_present && options.xauth_location != NULL) { + debug("Running %.100s remove %.100s", + options.xauth_location, s-&gt...

...93,9 @@ # include <uinfo.h> #endif +/* support /./ in homedir */ +#define DOT_CHROOT + /* types */ #define TTYSZ 64 @@ -1037,6 +1040,10 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef DOT_CHROOT + char *user_dir; + char *new_root; +#endif int do_xauth = s->auth_proto != NULL && s->auth_data != NULL; #ifdef WITH_IRIX_PROJECT prid_t projid; @@ -1093,6 +1100,25 @@ # ifdef HAVE_GETUSERATTR set_limits_from_userattr(pw->pw_name); # endif /* HAVE_GETUSERATTR */ +# ifdef DOT_CHROOT + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir +...

...o struct Session {int used, int self, pointer to struct passwd {..} pw, pointer to struct Authctxt {..} authctxt, int pid, pointer to char term, int ptyfd, int ttyfd, int ptymaster, int row, int col, int xpixel, int ypixel, array[64] of char tty, pointer to char display, int screen, pointer to char auth_proto, pointer to char auth_data, int single_connection, int chanid, int is_subsystem}) returning void previous: function() returning int : "session.c", line 581 cc: acomp failed for session.c *** Error code 2 make: Fatal error: Command failed for target `session.o' 2.9p1 compiled...

...=9, fderr_arg=11) at /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/serverloop.c:563 #3 0x8053b60 in do_exec_no_pty ( command=0x80750c0 "rsync --server --sender -vlgtpr --delete . /home/ghelmer/ ", pw=0xbfbfef80, display=0x806c0a0 "mocha.cs.iastate.edu:10.0", auth_proto=0x806c100 "MIT-MAGIC-COOKIE-1", auth_data=0x8075000 "cdf4b6cb730310be3d51a8abf77303fc") at /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/sshd.c:2211 #4 0x805386c in do_authenticated (pw=0xbfbfef80) at /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/ss...

...else + { + printf("Never logged in before.\n"); + } + #endif do_login(s, command); + } /* Do common processing for the child, such as execing the command. */ do_child(command, pw, s->term, s->display, s->auth_proto, *************** *** 711,720 **** --- 744,755 ---- } } + #ifndef BOIS_DIRTY_PATCH /* Get the time and hostname when the user last logged in. */ hostname[0] = '\0'; last_login_time = get_last_login_time(pw->pw_uid, pw->pw_name, hostname, sizeof(hostname)); + #...

...&& aixloginmsg && *aixloginmsg && + !quiet_login && !options.use_login) { + printf("%s\n", aixloginmsg); + } +#endif /* Do common processing for the child, such as execing the command. */ do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty); /* NOTREACHED */

...10]; int do_xauth; -#ifdef WITH_IRIX_PROJECT - prid_t projid; -#endif /* WITH_IRIX_PROJECT */ -#ifdef WITH_IRIX_JOBS - jid_t jid = 0; -#else -#ifdef WITH_IRIX_ARRAY - int jid = 0; -#endif /* WITH_IRIX_ARRAY */ -#endif /* WITH_IRIX_JOBS */ do_xauth = s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; @@ -1130,39 +1110,9 @@ */ do_pam_setcred(0); # endif /* USE_PAM */ -# ifdef WITH_IRIX_JOBS - jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive"); - if (jid == -1) { - fatal("Failed to create job container:...

...@@ -212,6 +223,7 @@ /* Enable compression after we have responded with SUCCESS. */ enable_compression_after_reply = 1; success = 1; +#endif break; case SSH_CMSG_REQUEST_PTY: @@ -219,6 +231,7 @@ break; case SSH_CMSG_X11_REQUEST_FORWARDING: +#ifdef WITH_X11FWD s->auth_proto = packet_get_string(&proto_len); s->auth_data = packet_get_string(&data_len); @@ -242,18 +255,22 @@ s->auth_proto = NULL; s->auth_data = NULL; } +#endif break; case SSH_CMSG_AGENT_REQUEST_FORWARDING: +#ifdef WITH_AGENTFWD if (no_agent_forwarding_fla...

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

...01 @@ -93,6 +93,8 @@ # include <uinfo.h> #endif +#define CHROOT + /* types */ #define TTYSZ 64 @@ -1012,6 +1014,10 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ int do_xauth = s->auth_proto != NULL && s->auth_data != NULL; #ifdef WITH_IRIX_PROJECT prid_t projid; @@ -1085,6 +1091,28 @@ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); + +#ifdef CHROOT + user_dir = xstrdup(pw->pw_dir); + new_root = user_...

..."); #endif /* LOGIN_CAP */ /* Print /etc/motd if it exists. */ @@ -2216,6 +2303,9 @@ fclose(f); } } +#ifdef LOGIN_CAP + login_close(lc); +#endif /* LOGIN_CAP */ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); @@ -2363,7 +2453,7 @@ char buf[256]; FILE *f; unsigned int envsize, i; - char **env; + char **env = NULL; extern char **environ; struct stat st; char *argv[10]; @@ -2373,29 +2463,24 @@ lc = login_getpwclass(pw); if (lc == NULL) lc = login_getclassbyname(NULL...