search for: do_authentication2

Hi! I'm investigating the seccomp filter in openssh and I wanted to know whether the following system calls should be added to the filter: 1. getgroups - do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups 2. setgroups - do_authentication2->ssh_dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->initgroups->setgroups...

...i want to add new authentications after it but i am unable to add it when i add the code i get errors connection closed by remote host connection closed and in log file i get monitor_read unsupported request i want to ask whether the authctxt returned by do_authentication2() is causing problem please tell me ways to debug the server side whenever debug() appears on server side where does that information is written by it so that i can trace it please reply soon bye siddharth

...eve_ I have found a race condition in sshd. In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). I am working on a new KEX algorithm whose primary feature is performance. It is fast enough that do_authentication2() runs _before_ the monitor has a chance to permit the necessary requests (MONITOR_REQ_PWNAM in particular), and therefore authentication fails on the server with: monitor_rea...

...(logging, sending the reply), but the root special case is skipped. One way to fix this, and make life easier for authmethods that require some state to be hauled around, is to take all the post-authmethod stuff currently in input_userauth_request(), and put it after the call to dispatch_run() in do_authentication2(). That would simplify that code (it's currently mostly conditional on 'authenticated') and ensure that the root & other tests get done all the time. (You might want to leave the auth_log() call in there, so debug sessions keep the "Postponed" entries.) Dr. Tom Holroyd...

.../openssh/sbin/sshd So, I looked at the source code for sshd. Why are there no setuid() and setgid() calls in the code to change to the user, after the child process is forked off to process the new connection? It looks like the uid and gid of the user should be known after do_authentication() or do_authentication2() has been called, so the ownership of the forked daemon could be changed after this point. Why isn't it? --- Jeff Earickson, Colby College

...ReportedBy: godji at 300penguins.org In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). If KEX is fast enough, do_authentication2() runs before the monitor has a chance to permit the necessary requests (MONITOR_REQ_PWNAM in articular), and therefore authentication fails on the server with: monitor_read: unpermitted request 6 Damien Miller proposed setting up a pipe shared betw...

....c:71 #10 0x30e1c in process_buffered_input_packets () at serverloop.c:423 #11 0x314b8 in server_loop2 (authctxt=0xffbef408) at serverloop.c:705 #12 0x348d8 in do_authenticated2 (authctxt=0x1170f0) at session.c:2063 #13 0x31eb4 in do_authenticated (authctxt=0x1170f0) at session.c:199 #14 0x29c68 in do_authentication2 () at auth2.c:134 #15 0x280d4 in main (ac=6, av=0x8) at sshd.c:1204 I do not claim to know what the correct fix is, however I can avoid the segfault by removing the do_pam_session() call. This is how the same code looks in 2.9p2 (which doesn't segfault). I'll happily provide any informa...

...18 Aug 2006 09:15:20 -0000 1.58 +++ usr.bin/ssh/auth.h 18 Sep 2006 09:32:23 -0000 @@ -123,6 +123,10 @@ void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ +#ifdef BSD_AUTH +void bsdauth_child_set_env(char ***envp, u_int *envsizep); +#endif + void do_authentication(Authctxt *); void do_authentication2(Authctxt *); Index: usr.bin/ssh/session.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.219 diff -u -r1.219 session.c --- usr.bin/ssh/session.c 29 Aug 2006 10:40:19 -0000 1.219 +++ usr.bin/ssh/session.c 18 Sep...

...only for protocol 1. This is the case for both ssh and sshd. Specifically, for sshd protocol 1 connections, function calls are made: main to do_authentication to do_authenticated to packet_set_interactive For sshd protocol 2 connections, function calls are made: main to do_authentication2 to do_authenticated2 which does not call packet_set_interactive. For ssh protocol 1 connections, packet_set_interactive is called from ssh_session. For protocol 2, the corresponding function ssh_session2 makes no call to packet_set_interactive. ---------------- I haven't delved into...

...fd9be8 in ?? () #3 0x080baaef in ssh_dispatch_run (ssh=0x8153780, mode=0, done=0x8151660, ctxt=0x8151660) at ../openssh-6.8p1/dispatch.c:101 #4 0x080bac86 in ssh_dispatch_run_fatal (ssh=0x8153780, mode=0, done=0x8151660, ctxt=0x8151660) at ../openssh-6.8p1/dispatch.c:140 #5 0x08065103 in do_authentication2 (authctxt=0x8151660) at ../openssh-6.8p1/auth2.c:175 #6 0x08053cea in main (ac=4, av=0x814e3f8) at ../openssh-6.8p1/sshd.c:2314 [1] http://serverfault.com/questions/697497/strange-seccomp-entries-for-sshd-in-audit-log/701889#701889 [2] https://github.com/openssh/openssh-portable/blob/51a1c211526...

...2c4(0x147348, 0x147348, 0xffbef160, 0xffbef158, 0x0, 0x0), at 0x3c2c3 [12] server_loop2(0x1456a8, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x3cc54 [13] 0x4284c(0x1456a8, 0x0, 0x0, 0x0, 0x21b6c, 0x3de34), at 0x4284b [14] do_authenticated(0x1456a8, 0x1456a8, 0x1456a8, 0x80, 0x8, 0x5e27c), at 0x3de90 [15] do_authentication2(0x109df0, 0x8, 0xd144, 0x8, 0x2152c, 0x2c38c), at 0x2eef0 [16] main(0x3, 0xffbefc34, 0xffbefc44, 0x12cc00, 0x0, 0x0), at 0x2c404 Please let me know if you need more info. Thanks, Ed Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and S...

https://bugzilla.mindrot.org/show_bug.cgi?id=3522 Bug ID: 3522 Summary: Crash with "free(): double free detected" with old clients Product: Portable OpenSSH Version: 9.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

...dc, ffbef6d8, ffbef6d0, 0, 0, 0) + 500 0005387c server_loop2 (0, 0, 0, 0, 0, 0) + 19c 0005ab60 do_authenticated2 (153ea0, 0, 0, 0, ff235ad4, 54bd0) + 8 00054c40 do_authenticated (153ea0, 153ea0, 153ea0, 2000, ffff, 0) + b0 0004435c do_authentication2 (1187a0, 7, c30b, ffbefd64, ff235ad4, 41888) + d4 00041914 main (1, ffbefdec, ffbefdf4, 138c00, 0, 0) + 267c 0003dedc _start (0, 0, 0, 0, 0, 0) + dc truss only yields one call because I am calling it on the process after the fact. The one thing I can see wi...

...; - if (use_privsep) + if (use_privsep) { if (privsep_preauth(authctxt) == 1) goto authenticated; + } else if (compat20) + auth_conn = ssh_get_authentication_connection(); /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { do_ssh2_kex(); do_authentication2(authctxt); + if (!use_privsep && auth_conn) { + ssh_close_authentication_connection(auth_conn); + auth_conn = NULL; + } } else { do_ssh1_kex(); do_authentication(authctxt); @@ -2336,6 +2390,23 @@ do_ssh1_kex(void) packet_write_wait(); } +static void +kex_server_sign(Key *...

https://bugzilla.mindrot.org/show_bug.cgi?id=3666 Bug ID: 3666 Summary: sshd crash Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter:

https://bugzilla.mindrot.org/show_bug.cgi?id=2107 Bug ID: 2107 Summary: seccomp sandbox breaks GSSAPI Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support

...61714 in get_canonical_hostname (verify_reverse_mapping=0) at > canohost.c:194 > #2 0x8050021 in input_userauth_request (type=50, seq=5, ctxt=0x80990c0) > at auth2.c:147 > #3 0x8067fcf in dispatch_run (mode=0, done=0x80990c0, ctxt=0x80990c0) > at dispatch.c:93 > #4 0x804fef8 in do_authentication2 () at auth2.c:96 > #5 0x804e365 in main (ac=4, av=0xbfbffab0) at sshd.c:1507 > > The call to get_canonical_hostname in input_userauth_request is part of > the FreeBSD patch set, so I'll report the bug to them. > > Tony. > -- > f.a.n.finch <dot at dotat.at> http...

...openssh/auth.h,v retrieving revision 1.42 diff -u -r1.42 auth.h --- auth.h 6 Jun 2002 20:52:37 -0000 1.42 +++ auth.h 2 Jul 2002 02:19:35 -0000 @@ -133,7 +133,6 @@ #endif /* KRB5 */ #include "auth-pam.h" -#include "auth2-pam.h" Authctxt *do_authentication(void); Authctxt *do_authentication2(void); Index: auth2-chall.c =================================================================== RCS file: /var/cvs/openssh/auth2-chall.c,v retrieving revision 1.19 diff -u -r1.19 auth2-chall.c --- auth2-chall.c 26 Jun 2002 13:58:40 -0000 1.19 +++ auth2-chall.c 2 Jul 2002 02:19:35 -0000 @@ -40,11 +4...

...penssh/auth.h,v retrieving revision 1.42 diff -u -r1.42 auth.h --- auth.h 6 Jun 2002 20:52:37 -0000 1.42 +++ auth.h 25 Jun 2002 01:42:09 -0000 @@ -133,7 +133,6 @@ #endif /* KRB5 */ #include "auth-pam.h" -#include "auth2-pam.h" Authctxt *do_authentication(void); Authctxt *do_authentication2(void); Index: auth2-chall.c =================================================================== RCS file: /var/cvs/openssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 21 Jun 2002 00:41:52 -0000 1.18 +++ auth2-chall.c 25 Jun 2002 01:42:11 -0000 @@ -40,11 +...