Displaying 20 results from an estimated 27 matches for "client_us".
Did you mean:
client_ws
1999 Dec 07
1
Serious Bug Report: OpenSSH
...=======================
RCS file: /var/cvs/openssh/sshd.c,v
retrieving revision 1.33
diff -u -r1.33 sshd.c
--- sshd.c 1999/12/04 09:24:48 1.33
+++ sshd.c 1999/12/07 03:55:18
@@ -1551,24 +1551,41 @@
get_remote_port(),
user);
-#ifdef HAVE_LIBPAM
- do_pam_account_and_session(pw->pw_name, client_user);
+#ifndef HAVE_LIBPAM
+ if (authenticated)
+ return;
- /* Clean up */
- if (client_user != NULL)
- xfree(client_user);
+ if (attempt > AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+#else /* HAVE_LIBPAM */
+ if (authenticated) {
+ do_pam_account_and_session...
2002 May 09
1
Bug report: OpenSSH 3.1p1
I believe auth-rhosts.c, function check_rhosts_file(), contains a bug
that shows up when doing host-based authentication where the
client_user name is not the same as the server_user name.
Line 76 reads:
strlcpy(userbuf, server_user, sizeof(userbuf));
I believe it should read:
strlcpy(userbuf, client_user, sizeof(userbuf));
Otherwise later in the function this test will fail:
/* Verify that user name matches. */
if (user[0] == '@...
2013 Jan 25
5
[Bug 2064] New: Enable logging of client_user at INFO priority rather than DEBUG2
https://bugzilla.mindrot.org/show_bug.cgi?id=2064
Bug ID: 2064
Summary: Enable logging of client_user at INFO priority rather
than DEBUG2
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p2
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component...
2001 Mar 20
3
Rhosts-RSA authentication broken
...u have "IgnoreRhosts yes" in the configuration file for
the sshd, no rhosts-RSA authentication is done because
it is not configured.
The reason are the following wrong lines of source in auth-rh-rsa.c:
/* Check if we would accept it using rhosts authentication. */
if (!auth_rhosts(pw, client_user))
return 0;
I applied the attached patch and now it works, again.
Please advice if this is not the right fix or whether this
change was intended.
Thanks for providing openssh !
Regards,
Norbert.
P.S. I am not subscribed to the developer list so a cc:
to my mail address is appreciated.
--...
2002 Jul 31
2
privsep+kerb5+ssh1
...uth1.c.krb Fri Jun 21 08:21:11 2002
+++ openssh-3.4p1/auth1.c Tue Jul 23 15:15:43 2002
@@ -133,15 +133,23 @@
#endif /* KRB4 */
} else {
#ifdef KRB5
- krb5_data tkt;
+ krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
- if (auth_krb5(authctxt, &tkt, &client_user)) {
+ if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
+
+ /* Send response to client */
+ packet_start(SSH_SMSG_AUTH_KERBEROS_RE...
2016 Feb 14
5
[Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
...t_bzero(challenge, sizeof(*challenge));
free(challenge);
packet_send();
packet_write_wait();
@@ -356,6 +357,7 @@
/* Log before sending the reply */
auth_log(authctxt, authenticated, 0,
get_authname(type), NULL);
+ explicit_bzero(client_user, sizeof(*client_user));
free(client_user);
client_user = NULL;
=======================================================================
In the case of variable 'client_user', calling free() and setting the
static char pointer to NULL does not explicitly sc...
2000 Feb 09
0
[Colin Watson <cjw44@cam.ac.uk>] Bug#49902: [PATCH] Bug#49902: ssh and pam conspire to deny logins
...uthenticate me
based on an identity file. MALLOC_CHECK_ was my friend! A patch (whose
purpose should be obvious) follows:
--- sshd.c.orig Sat Jan 29 11:00:50 2000
+++ sshd.c Sat Jan 29 11:01:29 2000
@@ -1414,8 +1414,10 @@
return;
}
- if (client_user != NULL)
+ if (client_user != NULL) {
xfree(client_user);
+ client_user = NULL;
+ }
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
This should cl...
2001 Nov 13
1
Kerberos / PAM bug in OpenSSH CVS
In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then
xfree() the client_user string. The call to do_pam_account() later in the
function then tries to use this string, resulting in a corrupt remote user.
Finally, before exiting, the function frees client_user again, resulting in a
double free and much mess.
Patch attached.
Cheers,
Simon.
--
Simon Wilkinson...
2000 Jan 19
3
AIX openssh patches
...login (ie too many failed logins, account disabled, etc). This
function is used in conjunction with authenticate.
5) SOCKS5 and SOCKS4 support.
6) Support for the system random function instead of egd or /dev/urandom.
There is one fix that should be put in. In sshd.c, function do_authloop,
client_user needs to be set to NULL after the xfree. There is a double free
happening here.
*** acconfig.h.DIST Tue Jan 11 09:38:15 2000
--- acconfig.h Tue Jan 11 12:11:02 2000
***************
*** 12,17 ****
--- 12,23 ----
/* Define if you want to disable PAM support */
#undef DISABLE_PAM
+ /* Defi...
2000 Feb 02
1
Bugreport: OpenSSH-1.2.2 Server for Linux (glibc 2.1.2)
Hi,
I would like to report a bug in OpenSSH-1.2.2 (release) under Linux.
Under certain conditions the sshd client process segfaults while doing
the password authentification. I have observed the behaviour with
glibc 2.0.7 (non-PAM), glibc 2.1.1 (PAM) and glibc 2.1.2 (PAM), when
'RhostsRSAAuthentication yes' is chosen in sshd_config. It appears to
happen regardless whether PAM is used or
2000 Mar 06
0
openssh-1.2.2 bug/patch
sshd can free a buffer twice in some circumstances; here's a patch.
(causes sshd to crash under linux; a similar fix is probably needed
for the pam code, btw)
--- sshd.c~ Tue Jan 25 16:07:22 2000
+++ sshd.c Sun Mar 5 22:14:40 2000
@@ -1525,7 +1525,10 @@
}
if (client_user != NULL)
+ {
xfree(client_user);
+ client_user = NULL;
+ }
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
2007 Nov 27
1
Dovecot strange logs
...e some strange logs entries in my dovecot_info.log
(auth_debug=yes & auth_verbose=ye) :
dovecot: Nov 27 00:28:09 Info: auth(default):
vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user= domain=????????
dovecot: Nov 27 00:28:09 Info: auth(default):
vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user=CLIENT_USER
domain=CLIENT_DOMAIN
dovecot: Nov 27 00:28:09 Info: auth(default):
vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user=CLIENT_USER domain=
CLIENT_DOMAIN
(replace CLIENT_EMAIL,CLIENT_IP,CLIENT_USER,CLIENT_DOMAIN with real
value of course)
For each authentication I have the in first line : "...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...h", password);
+#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* USE_PAM */
@@ -362,6 +371,10 @@
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
+#ifdef HAVE_BSD_AUTH_H
+ if (authenticated && !auth_approval(NULL, NULL, pw->pw_name, "ssh"))
+ authenticated = 0;
+#endif /* HAVE_BSD_AUTH_H */
if (client_user != NULL) {
xfree(client_user);
@@ -415,6 +428,15 @@
#endif /* AFS...
2002 Mar 18
0
[Bug 170] New: Double free() and heap corruption when krb4 auth fails
...de without the daemon (-d -d -d -D) and reproduce this
problem, it is in fact segfaulting shortly after the point where the krb4 auth
is failing. Some gdb traces show that this segfault is happening in malloc().
The cause of this is a free() in the auth_krb4 function (in auth-krb4.c) of a
pointer, client_user, passed by reference (as *client) to that function. The
do_authloop function in auth1.c, which calls auth_krb4, expects that this
pointer is either valid or NULL on return, since it will free any non-NULL
pointer later in the loop. One solution, represented by the attached patch, is
to set the po...
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
...start
box2# /sbin/service sshd restart
Here's the client debugging output:
[...]
debug1: authentications that can continue: publickey,password,hostbased
debug1: next auth method to try is hostbased
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root
server_user root
debug1: authentications that can continue: publickey,password,hostbased
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root
server_user root
debug1: authentications that can continue: publickey,password,hostbased
deb...
2000 Aug 04
0
Combining RSA host authentication with another method
...rh-rsa.c openssh-2.1.1p4/auth-rh-rsa.c
*** openssh-2.1.1p4.orig/auth-rh-rsa.c Thu Jun 22 12:32:31 2000
--- openssh-2.1.1p4/auth-rh-rsa.c Fri Aug 4 10:25:55 2000
***************
*** 47,53 ****
return 0;
/* Check if we would accept it using rhosts authentication. */
! if (!auth_rhosts(pw, client_user))
return 0;
canonical_hostname = get_canonical_hostname();
--- 47,54 ----
return 0;
/* Check if we would accept it using rhosts authentication. */
! /* But not if we're doing RSA host/other authentication. */
! if (!options.rsa_host_other_authentication && !auth_...
2002 Jul 16
0
[Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
...bug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca.
debug1: ssh_keysign called
debug3: msg_send: type 2
debug3: msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host enfm-pc8.utcc.utoronto.ca ip 128.100.102.101
client_user mikep server_user mikep
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca.
debug1: ssh_keysign called
debug3: msg_send: type 2
debug3: msg_recv entering
debug2: we sent a hostbased packet, wait...
2002 Jun 28
2
ssh_rsa_verify: RSA_verify failed: error:
...ig file are:
Host *
ForwardX11 yes
HostbasedAuthentication yes
RhostsRSAAuthentication yes
The relevant part of sshd -ddd output seems to be:
debug3: mm_send_debug: Sending debug: Accepted by .rhosts.
debug3: mm_send_debug: Sending debug: Accepted host bmx.comp.uvic.ca ip
142.104.16.101 client_user klewall server_user klewall
debug3: mm_key_verify entering
debug3: mm_request_send entering: type 22
debug3: monitor_read: checking request 22
ssh_rsa_verify: RSA_verify failed:
error:04077068:lib(4):func(119):reason(104)
debug1: ssh_rsa_verify: signature incorrect
debug3: mm_answer_keyverify: ke...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributer to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IP's. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different