search for: fakepw

...;m working with the OpenSSH 3.7.1p2 sources on FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a captive accout for users in a RADIUS database but whose login does not appear in /etc/passwd or getpwnam(). I understand that if the username is not found in getpwnam(), then the fakepw() routine is called to create the user credentials (and, of course, I'll need to modify this to point to my captive acct that I want to use). In auth2.c, there is code to start the PAM authentication in this fakepw case which all seems to make sense: authctxt->pw = PRIVSEP(getpwnam...

this is at the bottom of auth.c. What is it? struct passwd * fakepw(void) { static struct passwd fake; memset(&fake, 0, sizeof(fake)); fake.pw_name = "NOUSER"; fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; fake.pw_uid = -1; fake.pw_gid = -1;...

Hi, there's a change made to 4.4p1, which gave some irritation on the Cygwin mailing list. It's a change from 20060907: - (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can be used to drop privilege to; fixes Solaris GSSAPI crash reported by Magnus Abrante; suggestion and feedback dtucker@ NB. this change will require that the privilege separation user must exist on all the time, not just when UsePrivilegeSeparation=yes T...

...abase, no authentication here) 3. Authenticate the user with a PAM module I am using my synchronisation script as a PAM module but it seems that the authentication PAM module cannot authenticate the user if user is created in the previous PAM module. (my guess is authctxt contains bad values -> fakepw) Is there any working solution or I have to hack auth1.c in order to do the synchronization before user verification? BR, zgabe

Hi all, After the memory leaks (bug 1967 <https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in bugzilla are fixed, I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html) to detect the potential bugs in sshd (openssh-5.9p1). The url below is the index of bug reports that are checked as real bugs manually.

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

...f (pw == NULL) return 0; Invalid users nolonger are passwd as NULL-pointers, a faked pw struct is used instead. This results in a call to temporarily_use_uid(pw) with the faked pw struct, which fails with fatal(). As a patch I tried /* no user given */ if (pw == fakepw()) return 0; which worked, but maybe is not the best solution. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: peak at argo.troja.mff.cuni.cz authctxt->pw ? user : "unknown" is pointless because illegal users get pw from fakepw(), the code should check authctxt->valid moreover, a check of this kind is completely missing in auth-pam.c ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...uth2_challenge(Authctxt *, char *); void auth2_challenge_stop(Authctxt *); diff -adurN openssh-3.7.1p2.privsep/auth1.c openssh-3.7.1p2/auth1.c --- openssh-3.7.1p2.privsep/auth1.c Wed Sep 3 01:32:46 2003 +++ openssh-3.7.1p2/auth1.c Sat Oct 4 23:08:43 2003 @@ -304,8 +304,12 @@ authctxt->pw = fakepw(); } +#ifndef DISABLE_PRIVSEP setproctitle("%s%s", authctxt->pw ? user : "unknown", use_privsep ? " [net]" : ""); +#else + setproctitle("%s", authctxt->pw ? user : "unknown"); +#endif /* DISABLE_PRIVSEP */ #ifdef USE_P...