search for: client_us

Displaying 20 results from an estimated 27 matches for "client_us".

Did you mean: client_ws
1999 Dec 07
1
Serious Bug Report: OpenSSH
...======================= RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.33 diff -u -r1.33 sshd.c --- sshd.c 1999/12/04 09:24:48 1.33 +++ sshd.c 1999/12/07 03:55:18 @@ -1551,24 +1551,41 @@ get_remote_port(), user); -#ifdef HAVE_LIBPAM - do_pam_account_and_session(pw->pw_name, client_user); +#ifndef HAVE_LIBPAM + if (authenticated) + return; - /* Clean up */ - if (client_user != NULL) - xfree(client_user); + if (attempt > AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); +#else /* HAVE_LIBPAM */ + if (authenticated) { + do_pam_account_and_session...
2002 May 09
1
Bug report: OpenSSH 3.1p1
I believe auth-rhosts.c, function check_rhosts_file(), contains a bug that shows up when doing host-based authentication where the client_user name is not the same as the server_user name. Line 76 reads: strlcpy(userbuf, server_user, sizeof(userbuf)); I believe it should read: strlcpy(userbuf, client_user, sizeof(userbuf)); Otherwise later in the function this test will fail: /* Verify that user name matches. */ if (user[0] == '@...
2013 Jan 25
5
[Bug 2064] New: Enable logging of client_user at INFO priority rather than DEBUG2
https://bugzilla.mindrot.org/show_bug.cgi?id=2064 Bug ID: 2064 Summary: Enable logging of client_user at INFO priority rather than DEBUG2 Classification: Unclassified Product: Portable OpenSSH Version: 5.8p2 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component...
2001 Mar 20
3
Rhosts-RSA authentication broken
...u have "IgnoreRhosts yes" in the configuration file for the sshd, no rhosts-RSA authentication is done because it is not configured. The reason are the following wrong lines of source in auth-rh-rsa.c: /* Check if we would accept it using rhosts authentication. */ if (!auth_rhosts(pw, client_user)) return 0; I applied the attached patch and now it works, again. Please advice if this is not the right fix or whether this change was intended. Thanks for providing openssh ! Regards, Norbert. P.S. I am not subscribed to the developer list so a cc: to my mail address is appreciated. --...
2002 Jul 31
2
privsep+kerb5+ssh1
...uth1.c.krb Fri Jun 21 08:21:11 2002 +++ openssh-3.4p1/auth1.c Tue Jul 23 15:15:43 2002 @@ -133,15 +133,23 @@ #endif /* KRB4 */ } else { #ifdef KRB5 - krb5_data tkt; + krb5_data tkt, reply; tkt.length = dlen; tkt.data = kdata; - if (auth_krb5(authctxt, &tkt, &client_user)) { + if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) { authenticated = 1; snprintf(info, sizeof(info), " tktuser %.100s", client_user); + + /* Send response to client */ + packet_start(SSH_SMSG_AUTH_KERBEROS_RE...
2016 Feb 14
5
[Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
...t_bzero(challenge, sizeof(*challenge)); free(challenge); packet_send(); packet_write_wait(); @@ -356,6 +357,7 @@ /* Log before sending the reply */ auth_log(authctxt, authenticated, 0, get_authname(type), NULL); + explicit_bzero(client_user, sizeof(*client_user)); free(client_user); client_user = NULL; ======================================================================= In the case of variable 'client_user', calling free() and setting the static char pointer to NULL does not explicitly sc...
2000 Feb 09
0
[Colin Watson <cjw44@cam.ac.uk>] Bug#49902: [PATCH] Bug#49902: ssh and pam conspire to deny logins
...uthenticate me based on an identity file. MALLOC_CHECK_ was my friend! A patch (whose purpose should be obvious) follows: --- sshd.c.orig Sat Jan 29 11:00:50 2000 +++ sshd.c Sat Jan 29 11:01:29 2000 @@ -1414,8 +1414,10 @@ return; } - if (client_user != NULL) + if (client_user != NULL) { xfree(client_user); + client_user = NULL; + } if (attempt > AUTH_FAIL_MAX) packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); This should cl...
2001 Nov 13
1
Kerberos / PAM bug in OpenSSH CVS
In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then xfree() the client_user string. The call to do_pam_account() later in the function then tries to use this string, resulting in a corrupt remote user. Finally, before exiting, the function frees client_user again, resulting in a double free and much mess. Patch attached. Cheers, Simon. -- Simon Wilkinson...
2000 Jan 19
3
AIX openssh patches
...login (ie too many failed logins, account disabled, etc). This function is used in conjunction with authenticate. 5) SOCKS5 and SOCKS4 support. 6) Support for the system random function instead of egd or /dev/urandom. There is one fix that should be put in. In sshd.c, function do_authloop, client_user needs to be set to NULL after the xfree. There is a double free happening here. *** acconfig.h.DIST Tue Jan 11 09:38:15 2000 --- acconfig.h Tue Jan 11 12:11:02 2000 *************** *** 12,17 **** --- 12,23 ---- /* Define if you want to disable PAM support */ #undef DISABLE_PAM + /* Defi...
2000 Feb 02
1
Bugreport: OpenSSH-1.2.2 Server for Linux (glibc 2.1.2)
Hi, I would like to report a bug in OpenSSH-1.2.2 (release) under Linux. Under certain conditions the sshd client process segfaults while doing the password authentification. I have observed the behaviour with glibc 2.0.7 (non-PAM), glibc 2.1.1 (PAM) and glibc 2.1.2 (PAM), when 'RhostsRSAAuthentication yes' is chosen in sshd_config. It appears to happen regardless whether PAM is used or
2000 Mar 06
0
openssh-1.2.2 bug/patch
sshd can free a buffer twice in some circumstances; here's a patch. (causes sshd to crash under linux; a similar fix is probably needed for the pam code, btw) --- sshd.c~ Tue Jan 25 16:07:22 2000 +++ sshd.c Sun Mar 5 22:14:40 2000 @@ -1525,7 +1525,10 @@ } if (client_user != NULL) + { xfree(client_user); + client_user = NULL; + } if (attempt > AUTH_FAIL_MAX) packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
2007 Nov 27
1
Dovecot strange logs
...e some strange logs entries in my dovecot_info.log (auth_debug=yes & auth_verbose=ye) : dovecot: Nov 27 00:28:09 Info: auth(default): vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user= domain=???????? dovecot: Nov 27 00:28:09 Info: auth(default): vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user=CLIENT_USER domain=CLIENT_DOMAIN dovecot: Nov 27 00:28:09 Info: auth(default): vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user=CLIENT_USER domain= CLIENT_DOMAIN (replace CLIENT_EMAIL,CLIENT_IP,CLIENT_USER,CLIENT_DOMAIN with real value of course) For each authentication I have the in first line : &quot...
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...h", password); +#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */ /* Try authentication with the password. */ authenticated = auth_password(pw, password); #endif /* USE_PAM */ @@ -362,6 +371,10 @@ if (authenticated && !do_pam_account(pw->pw_name, client_user)) authenticated = 0; #endif +#ifdef HAVE_BSD_AUTH_H + if (authenticated && !auth_approval(NULL, NULL, pw->pw_name, "ssh")) + authenticated = 0; +#endif /* HAVE_BSD_AUTH_H */ if (client_user != NULL) { xfree(client_user); @@ -415,6 +428,15 @@ #endif /* AFS...
2002 Mar 18
0
[Bug 170] New: Double free() and heap corruption when krb4 auth fails
...de without the daemon (-d -d -d -D) and reproduce this problem, it is in fact segfaulting shortly after the point where the krb4 auth is failing. Some gdb traces show that this segfault is happening in malloc(). The cause of this is a free() in the auth_krb4 function (in auth-krb4.c) of a pointer, client_user, passed by reference (as *client) to that function. The do_authloop function in auth1.c, which calls auth_krb4, expects that this pointer is either valid or NULL on return, since it will free any non-NULL pointer later in the loop. One solution, represented by the attached patch, is to set the po...
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
...start box2# /sbin/service sshd restart Here's the client debugging output: [...] debug1: authentications that can continue: publickey,password,hostbased debug1: next auth method to try is hostbased debug1: Remote: Accepted by .rhosts. debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root server_user root debug1: authentications that can continue: publickey,password,hostbased debug1: Remote: Accepted by .rhosts. debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root server_user root debug1: authentications that can continue: publickey,password,hostbased deb...
2000 Aug 04
0
Combining RSA host authentication with another method
...rh-rsa.c openssh-2.1.1p4/auth-rh-rsa.c *** openssh-2.1.1p4.orig/auth-rh-rsa.c Thu Jun 22 12:32:31 2000 --- openssh-2.1.1p4/auth-rh-rsa.c Fri Aug 4 10:25:55 2000 *************** *** 47,53 **** return 0; /* Check if we would accept it using rhosts authentication. */ ! if (!auth_rhosts(pw, client_user)) return 0; canonical_hostname = get_canonical_hostname(); --- 47,54 ---- return 0; /* Check if we would accept it using rhosts authentication. */ ! /* But not if we're doing RSA host/other authentication. */ ! if (!options.rsa_host_other_authentication && !auth_...
2002 Jul 16
0
[Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
...bug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca. debug1: ssh_keysign called debug3: msg_send: type 2 debug3: msg_recv entering debug2: we sent a hostbased packet, wait for reply debug1: Remote: Accepted by .rhosts. debug1: Remote: Accepted host enfm-pc8.utcc.utoronto.ca ip 128.100.102.101 client_user mikep server_user mikep debug1: authentications that can continue: publickey,password,keyboard-interactive,hostbased debug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca. debug1: ssh_keysign called debug3: msg_send: type 2 debug3: msg_recv entering debug2: we sent a hostbased packet, wait...
2002 Jun 28
2
ssh_rsa_verify: RSA_verify failed: error:
...ig file are: Host * ForwardX11 yes HostbasedAuthentication yes RhostsRSAAuthentication yes The relevant part of sshd -ddd output seems to be: debug3: mm_send_debug: Sending debug: Accepted by .rhosts. debug3: mm_send_debug: Sending debug: Accepted host bmx.comp.uvic.ca ip 142.104.16.101 client_user klewall server_user klewall debug3: mm_key_verify entering debug3: mm_request_send entering: type 22 debug3: monitor_read: checking request 22 ssh_rsa_verify: RSA_verify failed: error:04077068:lib(4):func(119):reason(104) debug1: ssh_rsa_verify: signature incorrect debug3: mm_answer_keyverify: ke...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different