Displaying 20 results from an estimated 27 matches for "client_user".
1999 Dec 07
1
Serious Bug Report: OpenSSH
...=======================
RCS file: /var/cvs/openssh/sshd.c,v
retrieving revision 1.33
diff -u -r1.33 sshd.c
--- sshd.c 1999/12/04 09:24:48 1.33
+++ sshd.c 1999/12/07 03:55:18
@@ -1551,24 +1551,41 @@
get_remote_port(),
user);
-#ifdef HAVE_LIBPAM
- do_pam_account_and_session(pw->pw_name, client_user);
+#ifndef HAVE_LIBPAM
+ if (authenticated)
+ return;
- /* Clean up */
- if (client_user != NULL)
- xfree(client_user);
+ if (attempt > AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+#else /* HAVE_LIBPAM */
+ if (authenticated) {
+ do_pam_account_and_session(p...
2002 May 09
1
Bug report: OpenSSH 3.1p1
I believe auth-rhosts.c, function check_rhosts_file(), contains a bug
that shows up when doing host-based authentication where the
client_user name is not the same as the server_user name.
Line 76 reads:
strlcpy(userbuf, server_user, sizeof(userbuf));
I believe it should read:
strlcpy(userbuf, client_user, sizeof(userbuf));
Otherwise later in the function this test will fail:
/* Verify that user name matches. */
if (user[0] == '@...
2013 Jan 25
5
[Bug 2064] New: Enable logging of client_user at INFO priority rather than DEBUG2
https://bugzilla.mindrot.org/show_bug.cgi?id=2064
Bug ID: 2064
Summary: Enable logging of client_user at INFO priority rather
than DEBUG2
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p2
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:...
2001 Mar 20
3
Rhosts-RSA authentication broken
...u have "IgnoreRhosts yes" in the configuration file for
the sshd, no rhosts-RSA authentication is done because
it is not configured.
The reason is the following wrong lines of source in auth-rh-rsa.c:
/* Check if we would accept it using rhosts authentication. */
if (!auth_rhosts(pw, client_user))
return 0;
I applied the attached patch and now it works again.
Please advise if this is not the right fix or whether this
change was intended.
Thanks for providing openssh!
Regards,
Norbert.
P.S. I am not subscribed to the developer list so a cc:
to my mail address is appreciated.
--...
2002 Jul 31
2
privsep+kerb5+ssh1
...uth1.c.krb Fri Jun 21 08:21:11 2002
+++ openssh-3.4p1/auth1.c Tue Jul 23 15:15:43 2002
@@ -133,15 +133,23 @@
#endif /* KRB4 */
} else {
#ifdef KRB5
- krb5_data tkt;
+ krb5_data tkt, reply;
tkt.length = dlen;
tkt.data = kdata;
- if (auth_krb5(authctxt, &tkt, &client_user)) {
+ if (PRIVSEP(auth_krb5(authctxt, &tkt, &client_user, &reply))) {
authenticated = 1;
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
+
+ /* Send response to client */
+ packet_start(SSH_SMSG_AUTH_KERBEROS_RESP...
2016 Feb 14
5
[Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c
...t_bzero(challenge, sizeof(*challenge));
free(challenge);
packet_send();
packet_write_wait();
@@ -356,6 +357,7 @@
/* Log before sending the reply */
auth_log(authctxt, authenticated, 0,
get_authname(type), NULL);
+ explicit_bzero(client_user, sizeof(*client_user));
free(client_user);
client_user = NULL;
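Review bot: in the added `explicit_bzero(client_user, sizeof(*client_user));` line, `sizeof(*client_user)` is the size of a single element of the buffer, not of the string it holds. The report text describes `client_user` as a char pointer, so this clears one byte and leaves the rest of the user name in memory when `free(client_user)` runs. Pass the length of the stored string instead (for example `strlen(client_user)`), and check the pointer for NULL before computing that length, since no such check is visible ahead of the call. The `explicit_bzero(challenge, sizeof(*challenge))` context line above follows the same pattern and deserves the same check against the type of `challenge`.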
=======================================================================
In the case of variable 'client_user', calling free() and setting the
static char pointer to NULL does not explicitly scru...
2000 Feb 09
0
[Colin Watson <cjw44@cam.ac.uk>] Bug#49902: [PATCH] Bug#49902: ssh and pam conspire to deny logins
...uthenticate me
based on an identity file. MALLOC_CHECK_ was my friend! A patch (whose
purpose should be obvious) follows:
--- sshd.c.orig Sat Jan 29 11:00:50 2000
+++ sshd.c Sat Jan 29 11:01:29 2000
@@ -1414,8 +1414,10 @@
return;
}
- if (client_user != NULL)
+ if (client_user != NULL) {
xfree(client_user);
+ client_user = NULL;
+ }
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
This should clos...
2001 Nov 13
1
Kerberos / PAM bug in OpenSSH CVS
In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then
xfree() the client_user string. The call to do_pam_account() later in the
function then tries to use this string, resulting in a corrupt remote user.
Finally, before exiting, the function frees client_user again, resulting in a
double free and much mess.
Patch attached.
Cheers,
Simon.
--
Simon Wilkinson...
2000 Jan 19
3
AIX openssh patches
...login (ie too many failed logins, account disabled, etc). This
function is used in conjunction with authenticate.
5) SOCKS5 and SOCKS4 support.
6) Support for the system random function instead of egd or /dev/urandom.
There is one fix that should be put in. In sshd.c, function do_authloop,
client_user needs to be set to NULL after the xfree. There is a double free
happening here.
*** acconfig.h.DIST Tue Jan 11 09:38:15 2000
--- acconfig.h Tue Jan 11 12:11:02 2000
***************
*** 12,17 ****
--- 12,23 ----
/* Define if you want to disable PAM support */
#undef DISABLE_PAM
+ /* Define...
2000 Feb 02
1
Bugreport: OpenSSH-1.2.2 Server for Linux (glibc 2.1.2)
Hi,
I would like to report a bug in OpenSSH-1.2.2 (release) under Linux.
Under certain conditions the sshd client process segfaults while doing
the password authentication. I have observed the behaviour with
glibc 2.0.7 (non-PAM), glibc 2.1.1 (PAM) and glibc 2.1.2 (PAM), when
'RhostsRSAAuthentication yes' is chosen in sshd_config. It appears to
happen regardless whether PAM is used or
2000 Mar 06
0
openssh-1.2.2 bug/patch
sshd can free a buffer twice in some circumstances; here's a patch.
(causes sshd to crash under linux; a similar fix is probably needed
for the pam code, btw)
--- sshd.c~ Tue Jan 25 16:07:22 2000
+++ sshd.c Sun Mar 5 22:14:40 2000
@@ -1525,7 +1525,10 @@
}
if (client_user != NULL)
+ {
xfree(client_user);
+ client_user = NULL;
+ }
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
2007 Nov 27
1
Dovecot strange logs
...e some strange logs entries in my dovecot_info.log
(auth_debug=yes & auth_verbose=ye) :
dovecot: Nov 27 00:28:09 Info: auth(default):
vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user= domain=????????
dovecot: Nov 27 00:28:09 Info: auth(default):
vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user=CLIENT_USER
domain=CLIENT_DOMAIN
dovecot: Nov 27 00:28:09 Info: auth(default):
vpopmail(CLIENT_EMAIL,CLIENT_IP): lookup user=CLIENT_USER domain=
CLIENT_DOMAIN
(replace CLIENT_EMAIL,CLIENT_IP,CLIENT_USER,CLIENT_DOMAIN with real
value of course)
For each authentication I have the in first line : "l...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...h", password);
+#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* USE_PAM */
@@ -362,6 +371,10 @@
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
+#ifdef HAVE_BSD_AUTH_H
+ if (authenticated && !auth_approval(NULL, NULL, pw->pw_name, "ssh"))
+ authenticated = 0;
+#endif /* HAVE_BSD_AUTH_H */
if (client_user != NULL) {
xfree(client_user);
@@ -415,6 +428,15 @@
#endif /* AFS *...
2002 Mar 18
0
[Bug 170] New: Double free() and heap corruption when krb4 auth fails
...de without the daemon (-d -d -d -D) and reproduce this
problem, it is in fact segfaulting shortly after the point where the krb4 auth
is failing. Some gdb traces show that this segfault is happening in malloc().
The cause of this is a free() in the auth_krb4 function (in auth-krb4.c) of a
pointer, client_user, passed by reference (as *client) to that function. The
do_authloop function in auth1.c, which calls auth_krb4, expects that this
pointer is either valid or NULL on return, since it will free any non-NULL
pointer later in the loop. One solution, represented by the attached patch, is
to set the poin...
2002 Jul 19
1
OpenSSH 3.4p1 hostbased auth - howto?
...start
box2# /sbin/service sshd restart
Here's the client debugging output:
[...]
debug1: authentications that can continue: publickey,password,hostbased
debug1: next auth method to try is hostbased
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root
server_user root
debug1: authentications that can continue: publickey,password,hostbased
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host ohm-master1 ip 192.168.1.1 client_user root
server_user root
debug1: authentications that can continue: publickey,password,hostbased
debug...
2000 Aug 04
0
Combining RSA host authentication with another method
...rh-rsa.c openssh-2.1.1p4/auth-rh-rsa.c
*** openssh-2.1.1p4.orig/auth-rh-rsa.c Thu Jun 22 12:32:31 2000
--- openssh-2.1.1p4/auth-rh-rsa.c Fri Aug 4 10:25:55 2000
***************
*** 47,53 ****
return 0;
/* Check if we would accept it using rhosts authentication. */
! if (!auth_rhosts(pw, client_user))
return 0;
canonical_hostname = get_canonical_hostname();
--- 47,54 ----
return 0;
/* Check if we would accept it using rhosts authentication. */
! /* But not if we're doing RSA host/other authentication. */
! if (!options.rsa_host_other_authentication && !auth_rh...
2002 Jul 16
0
[Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
...bug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca.
debug1: ssh_keysign called
debug3: msg_send: type 2
debug3: msg_recv entering
debug2: we sent a hostbased packet, wait for reply
debug1: Remote: Accepted by .rhosts.
debug1: Remote: Accepted host enfm-pc8.utcc.utoronto.ca ip 128.100.102.101
client_user mikep server_user mikep
debug1: authentications that can continue:
publickey,password,keyboard-interactive,hostbased
debug2: userauth_hostbased: chost enfm-pc8.utcc.utoronto.ca.
debug1: ssh_keysign called
debug3: msg_send: type 2
debug3: msg_recv entering
debug2: we sent a hostbased packet, wait fo...
2002 Jun 28
2
ssh_rsa_verify: RSA_verify failed: error:
...ig file are:
Host *
ForwardX11 yes
HostbasedAuthentication yes
RhostsRSAAuthentication yes
The relevant part of sshd -ddd output seems to be:
debug3: mm_send_debug: Sending debug: Accepted by .rhosts.
debug3: mm_send_debug: Sending debug: Accepted host bmx.comp.uvic.ca ip
142.104.16.101 client_user klewall server_user klewall
debug3: mm_key_verify entering
debug3: mm_request_send entering: type 22
debug3: monitor_read: checking request 22
ssh_rsa_verify: RSA_verify failed:
error:04077068:lib(4):func(119):reason(104)
debug1: ssh_rsa_verify: signature incorrect
debug3: mm_answer_keyverify: key...
2005 Feb 24
3
Suggestion: SSHD pseudo/fake mode. Source available.
Hi,
SSH brute force attacks seem to enjoy increasing popularity. Call me an
optimist or a misrouted kind of contributor to the community, but on our
company server I actually go through the logs and report extreme cases
to the providers of the originating IPs. With the increasing number of
these attacks, however, I have now decided that it's better to move the
SSHd to a different