Displaying 17 results from an estimated 17 matches for "check_nt_auth".
2001 Dec 18
2
[PATCH]: Fix potential security hole in Cygwin version
...connection crashes with a segmentation violation. The
client side encounters an immediate disconnect ("Connection reset by
peer"). This could be used by a malicious remote client to enumerate
the user names on the Cygwin server machine.
The cause is that the Cygwin specific function check_nt_auth() is called
in auth1.c and auth2.c with implicitly dereferencing the pointer to struct
passwd to get the pw_uid member as parameter. This struct passwd pointer
can be NULL if the user isn't found in /etc/passwd. Other similar funcs
as auth_pam_password() are called getting the struct passwd...
2001 May 23
1
[PATCH]: Drop the use of `check_nt_auth'.
...n is able to change the user context on NT/W2K even without
a password since the new Cygwin version 1.3.2, there's no need anymore
to allow changing the user context only if the sshd user is the same
user as the one which logs in or when a password is given.
For that reason the whole function `check_nt_auth' and all code which
uses it, is completely dropped in the following patch.
Index: auth1.c
===================================================================
RCS file: /cvs/openssh_cvs/auth1.c,v
retrieving revision 1.40
diff -u -p -r1.40 auth1.c
--- auth1.c 2001/03/24 00:37:59 1.40
+++ auth1.c...
2001 Mar 28
5
Initial patch to implement partial auth with SSH2
Attached is a patch which adds a new config option, AuthOrder2, to
sshd_config.c. The syntax is:
AuthOrder2 AuthMethod1[:SubAuthMethod1[:SubAuthMethod2...]][,AuthMethod2...]
An example, requiring users to enter a public key _and_ a password, in that
order:
AuthOrder2 publickey:password
The current default behaviour:
AuthOrder2 password,publickey,keyboard-interactive
Require a public key,
2001 Apr 25
6
Updated partial auth patch against CVS
Here is a new version of my partial auth patch against the April 24, 2001
CVS image. It fixes a couple of things (thanks to Karl M
<karlm30 at hotmail.com>), and includes support for hostbased auth. It's still
not pretty, but it works. 2 things Karl mentioned aren't fixed:
- auth methods are still hard-coded into servconf.c. Fixing this would
require a lot of work, and all the
2002 Jul 31
0
[PATCH]: Match Cygwin version check to reality
...has_create_token = 1;
+ if (api_major_version > 0 || api_minor_version >= 56)
+ has_ntsec_by_default = 1;
+ inited = 1;
+ }
+ }
+ switch (what) {
+ case HAS_CREATE_TOKEN:
+ return has_create_token;
+ case HAS_NTSEC_BY_DEFAULT:
+ return has_ntsec_by_default;
+ }
+ return 0;
+}
+
int check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
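Review bot: the bare 56 in the api_minor_version >= 56 test that sets has_ntsec_by_default is unexplained. Give it a named constant or a comment stating which Cygwin API level it stands for, so the next person to adjust the version check can tell whether the threshold is still right.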
@@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated,
return 0;
if (is_winnt) {
if (has_create_token < 0) {
- struct utsname uts;
- int major_high = 0, major_low = 0, minor = 0;
char *cygwin = getenv("CYGWIN&qu...
2001 Apr 02
1
[PATCH]: scp could hang in Cygwin
...-r1.3 bsd-cygwin_util.h
--- openbsd-compat/bsd-cygwin_util.h 2001/02/18 01:30:56 1.3
+++ openbsd-compat/bsd-cygwin_util.h 2001/04/02 19:47:14
@@ -20,6 +20,8 @@
#ifdef HAVE_CYGWIN
+#include <io.h>
+
int binary_open(const char *filename, int flags, ...);
int binary_pipe(int fd[2]);
int check_nt_auth(int pwd_authenticated, uid_t uid);
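Review bot: the #include <io.h> added at the top of the HAVE_CYGWIN block carries no comment saying which declaration it is needed for, and placing it in the header pulls it into every file that includes bsd-cygwin_util.h. If only one source file needs those declarations, include it there instead.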
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
2002 Nov 09
1
[PATCH] Two Cygwin related patches
...has_create_token = 1;
+ if (api_major_version > 0 || api_minor_version >= 56)
+ has_ntsec_by_default = 1;
+ inited = 1;
+ }
+ }
+ switch (what) {
+ case HAS_CREATE_TOKEN:
+ return has_create_token;
+ case HAS_NTSEC_BY_DEFAULT:
+ return has_ntsec_by_default;
+ }
+ return 0;
+}
+
int check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
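Review bot: the switch on what has no default case, so an unrecognised capability value falls through to the final return 0 and cannot be told apart from a capability that is absent. Add a default that logs the unexpected value, or make the parameter an enum so the compiler flags unhandled cases.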
@@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated,
return 0;
if (is_winnt) {
if (has_create_token < 0) {
- struct utsname uts;
- int major_high = 0, major_low = 0, minor = 0;
char *cygwin = getenv("CYGWIN&qu...
2001 Jul 11
2
[PATCH]: Cygwin: Allow sshd to switch user context without password
...) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
+#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
+
#if defined(open) && open == binary_open
# undef open
#endif
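Review bot: ntea_on(), like the ntsec test on the line above it, decides by substring. strstr() on "ntea" matches any value that merely contains those letters, and a single "nontea" anywhere in the string turns the result off even when a separate "ntea" token is also present. Compare whole tokens of the setting instead, and make this a function so the argument c is not evaluated three times.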
@@ -61,12 +65,34 @@ int check_nt_auth(int pwd_authenticated,
* context on NT systems is the password authentication. So
* we deny all requsts for changing the user context if another
* authentication method is used.
- * This may change in future when a special openssh
- * subauthentication package is available.
+ *
+ * This doesn...
2001 Nov 20
1
[PATCH]: Allow SSHD to install as service under Windows 9x/Me
...sd-compat/bsd-cygwin_util.h,v
retrieving revision 1.4
diff -u -p -r1.4 bsd-cygwin_util.h
--- openbsd-compat/bsd-cygwin_util.h 2001/04/13 14:28:43 1.4
+++ openbsd-compat/bsd-cygwin_util.h 2001/11/20 12:44:23
@@ -26,6 +26,7 @@ int binary_open(const char *filename, in
int binary_pipe(int fd[2]);
int check_nt_auth(int pwd_authenticated, uid_t uid);
int check_ntsec(const char *filename);
+void register_9x_service(void);
#define open binary_open
#define pipe binary_pipe
Index: openbsd-compat/daemon.c
===================================================================
RCS file: /cvs/openssh_cvs/openbsd-com...
2004 Apr 18
0
[PATCH] bsd-cygwin_util.c: Relax pubkey authentication prerequisites
...te_token_wo_ntsec = 1;
inited = 1;
}
}
@@ -121,6 +126,8 @@ has_capability(int what)
return (has_create_token);
case HAS_NTSEC_BY_DEFAULT:
return (has_ntsec_by_default);
+ case HAS_CREATE_TOKEN_WO_NTSEC:
+ return (has_create_token_wo_ntsec);
}
return (0);
}
@@ -151,7 +158,8 @@ check_nt_auth(int pwd_authenticated, str
if (has_capability(HAS_CREATE_TOKEN) &&
(ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
- !ntsec_off(cygwin))))
+ !ntsec_off(cygwin)) ||
+ has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
has_create_tok...
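Review bot: in the condition at the end of this hunk, the new || has_capability(HAS_CREATE_TOKEN_WO_NTSEC) sits inside the same parentheses as the ntsec tests, so once that capability is reported the result no longer depends on ntsec_on() or ntsec_off() at all, including an explicit ntsec-off setting. If that is intended, state it in a comment beside the condition; the nesting is hard to read as written, so consider splitting it into named booleans.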
2005 Apr 13
3
Authctxt
...h_none(&authctxt);
The referred authctxt is of type 1. sshconnect2.c does not include auth.h.
"userauth_none" is defined in auth2-none.c. In that function the passed
authctxt is accessed like a struct from type 2.
In line 114 of auth2-none.c the member "pw" is accessed:
if (check_nt_auth(1, authctxt->pw) == 0)
"pw" is defined in type 2 only. In type 1 there is no "pw". Furthermore,
"userauth_none" eventually calls "auth_password". In this function the same
type 1 is passed and used as type 2.
This all seems odd to me. What do I understan...
2003 Jul 17
1
possible bug + patch : OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
...access to a passwordless account without a valid key.
This is my patch:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wormhole# diff -u auth2-none.c.old auth2-none.c
--- auth2-none.c.old Thu Jul 17 06:23:24 2003
+++ auth2-none.c Thu Jul 17 06:44:42 2003
@@ -100,7 +100,9 @@
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
- return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid;
+ return PRIVSEP(auth_password(authctxt, ""))
+ && authctxt->valid
+ && options.pa...
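Review bot: the added options test is the last operand of the && chain in the return statement, so auth_password() is still called through PRIVSEP with an empty password before the configuration is consulted. Put the cheap tests (authctxt->valid and the options flag) first so the call is skipped entirely when the method is disabled.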
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
...7 +345,7 @@
return(0);
#endif
#ifdef USE_PAM
- return auth_pam_password(authctxt->pw, "");
+ return auth_pam_password(authctxt->pw, "", PAM_PROMPT_ECHO_OFF);
#elif defined(HAVE_OSF_SIA)
return 0;
#else /* !HAVE_OSF_SIA && !USE_PAM */
@@ -370,7 +370,7 @@
check_nt_auth(1, authctxt->pw->pw_uid) &&
#endif
#ifdef USE_PAM
- auth_pam_password(authctxt->pw, password) == 1)
+ auth_pam_password(authctxt->pw, password, PAM_PROMPT_ECHO_OFF) == 1) #elif
defined(HAVE_OSF_SIA)
auth_sia_password(authctxt->user, password) == 1)
#else /* !...
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> -----
Date: Fri, 2 May 2003 14:01:33 +0200
From: Andrea Barisani <lcars at infis.univ.trieste.it>
To: openssh at openssh.com
Subject: openssh 3.6.1_p2 problem with pam
Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour:
# ssh -l lcars mybox
[2 seconds delay]
lcars at mybox's
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
...xt->pw, key)) {
+ if (user_key_allowed(authctxt->pw, key, realname)) {
packet_start(SSH2_MSG_USERAUTH_PK_OK);
packet_put_string(pkalg, alen);
packet_put_string(pkblob, blen);
@@ -505,6 +537,10 @@
if (check_nt_auth(0, authctxt->pw) == 0)
return(0);
#endif
+ sshid(realname, 1, tempreal);
+ debug("**************************");
+ debug("VIX userauth_pubkey done");
+ debug("**************************");
return authenticated;
}
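Review bot: the three debug() banner lines added before return authenticated look like leftover development tracing and should be removed, or reduced to one message that includes the user and the result. The added sshid(realname, 1, tempreal) call also runs whether or not authenticated is set and its return value is ignored; guard it on success and check the result.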
@@...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the