Displaying 20 results from an estimated 22 matches for "getpwnamallow".
2010 Feb 01
8
[Bug 1710] New: aix_setauthdb/aix_restoredb are not called in getpwnamallow() causing permanently_set_uid() to fail
https://bugzilla.mindrot.org/show_bug.cgi?id=1710
Summary: aix_setauthdb/aix_restoredb are not called in
getpwnamallow() causing permanently_set_uid() to fail
Product: Portable OpenSSH
Version: 5.3p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.or...
2005 Apr 15
3
PAM authentication
I find it annoying that openssh takes active part in the authentication
process when using PAM. Namely, SSH doesn't pass the user's password if
the getpwent for the user returns NULL.
I use a clever PAM setup that allows nonexisting users to log in if they
are successfully authenticated against a Samba server.
When the user logs in for the first time, he's added to the user
database
2006 Dec 05
4
[Bug 1269] PAM Callback returns garbage if user unknown or root with disabled login in ssh-config
...Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: bitbucket at mindrot.org
ReportedBy: openbsd at priv.de
If the sshd gets no entry for the user trying to login with
getpwnamallow, or if it is not allowed to login, pam is still consulted
to authenticate. This is done for hiding if the user exists or not, to
hide if the password is right and to hide if he is only blocked in
config and the password was right (pam would not delay if the password
was right).
The call of pam req...
2002 Nov 08
0
[Bug 432] New: AIX does not log login attempts for unknown users
...n attempt by an unknown user (eg via telnet) normally gets logged as:
syslog: pts/4: failed login attempt for UNKNOWN_USER from my.host.com
This is generated by a call to loginfailed(), which substitutes UNKNOWN_HOST for
the username if it doesn't exist.
AIX never finds out about it because getpwnamallow returns as soon as it finds
no passwd entry. Following patch calls loginfailed before returning. It
generates:
syslog: ssh: failed login attempt for UNKNOWN_USER from my.host.com
2011 Jun 16
1
Privilege Separation Design Question
Hello all,
I have a question about the design of the privilege separation aspect of
openSSH. From what I understand, the interface between the privileged
process and the unprivileged one is implemented as a set of well-defined
operations with only a small subset of these operations enabled at any
given time. These operations are enabled and disabled depending on the
task at hand.
What I am
2014 Mar 05
1
Bad Password - #010#012#015#177INCORRECT : ssh -> pam -> libpam_sqlite -> sqlite3
...es "#010#012#015#177INCORRECT" as the password
(and discards the password entered by the user) to the libpam_sqlite
module. Then obviously the libpam_sqlite3 denies access to the user because
the password is incorrect!
When looked into the OpenSSH code, I found that getpwnam() in
auth.c::getpwnamallow() sets pw = NULL and so the following message appears!
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 0
Invalid user XXXXXX from A.B.C.D
Now, to the questions:
1. Why does OpenSSH replace the password entered by the user with the
bad password - "\b\n\r\177INCORRECT" wh...
2003 May 06
1
compilation problems AIX 5.2
...':
auth.c:403: warning: passing arg 2 of `loginfailed'
discards qualifiers from pointer target type
auth.c:403: too few arguments to function
`loginfailed'
auth.c: In function `expand_filename':
auth.c:481: warning: implicit declaration of function
`snprintf'
auth.c: In function `getpwnamallow':
auth.c:630: warning: passing arg 1 of `loginfailed'
discards qualifiers from pointer target type
auth.c:630: warning: passing arg 2 of `loginfailed'
discards qualifiers from pointer target type
auth.c:630: too few arguments to function
`loginfailed'
auth.c: In function `auth_debug...
2004 Jan 25
1
Puzzled about PAM support in OpenSSH-3.7.1p2
...e
fakepw() routine is called to create the user credentials (and, of
course, I'll need to modify this to point to my captive acct that I
want to use). In auth2.c, there is code to start the PAM
authentication in this fakepw case which all seems to make sense:
authctxt->pw = PRIVSEP(getpwnamallow(user));
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
    authctxt->valid = 1;
#ifdef USE_PAM
    if (options.use_pam)
        PRIVSEP(start_pam(authctxt->pw->pw_name));
#endif
} else {
    a...
2004 Sep 22
2
SSHD with PAM question
...ave a conversation with the (illegal) user (in order to get the password) sshd
throws out the authentication context. Is this necessary? Or is it just that
no one in their right mind ought to be trying to do this anyway?
If I have done my homework correctly:
- a user is "illegal" if getpwnamallow says so
- this will happen, in particular, if getpwnam returns NULL
- an "illegal" user results in a non-valid authctxt
- MUCH later, when the PAM auth module is running, it calls back into the
sshd function input_userauth_info_response as part of the attempt
to get a password from...
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
...pam_user;
+
+ if (pam_get_item(sshpam_handle, PAM_USER,
+ (sshpam_const void **)ptr_pam_user) != PAM_SUCCESS)
+ return PAM_AUTH_ERR;
+
+ if (strcmp(authctxt->user, pam_user)) {
+ char *user = strdup(pam_user);
+ struct passwd *pw;
+
+ if (!user)
+ return PAM_AUTH_ERR;
+
+ if (!(pw = getpwnamallow(user))) {
+ free(user);
+ return PAM_AUTH_ERR;
+ }
+
+ free(authctxt->pw);
+ authctxt->pw = pw;
+ free(authctxt->user);
+ authctxt->user = user;
+ }
+ return PAM_SUCCESS;
+}
+
+/*
* Conversation function for authentication thread.
*/
static int
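Review bot: pam_user is handed to strcmp() and strdup() with no NULL check after pam_get_item(); the call can succeed and still leave the item unset, so return PAM_AUTH_ERR when pam_user is NULL before comparing. In the same block, free(authctxt->pw) assumes the old entry is a single allocation, and nothing in the visible lines logs the change from authctxt->user to the PAM-supplied name; confirm how the old struct passwd was allocated and add a log line so the rename shows up in the auth record.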
@@ -469,6 +502,10 @@
if (s...
2014 Jun 12
4
[Bug 2245] New: Multiple USER_LOGIN messages when linux audit support is enabled on bad login
https://bugzilla.mindrot.org/show_bug.cgi?id=2245
Bug ID: 2245
Summary: Multiple USER_LOGIN messages when linux audit support
is enabled on bad login
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2015 Feb 21
4
[Bug 2358] New: allow sshd to "redirect" to another local user
https://bugzilla.mindrot.org/show_bug.cgi?id=2358
Bug ID: 2358
Summary: allow sshd to "redirect" to another local user
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee:
2006 Mar 29
7
sshd config parser
Hi All.
For various reasons, we're currently looking at extending (or even
overhauling) the config parser used for sshd_config.
Right now the syntax I'm looking at is a cumulative "Match" keyword that
matches when all of the specified criteria are met. This would be
similar to the Host directive used in ssh_config, although it's still
limiting (eg you can't easily
2020 May 26
4
sshd/winbind wrong GID redux
Hi, I'm in the position of having to support a fix for a bad
interaction between sshd and winbind/Active Directory. It's solved by a
small patch against openssh, but it would be nice to have the solution
generally available.
The problem has previously been described on this list by Andreas
Schneider, see:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html
2007 Sep 07
0
Public key reading abstraction (to allow future work)
...;,
- buf);
- break;
- }
- /*
- * dirname should always complete with a "/" path,
- * but we can be paranoid and check for "." too
- */
- if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0))
- break;
- }
- return 0;
-}
-
struct passwd *
getpwnamallow(const char *user)
{
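Review bot: the removed lines are the tail of the path walk that stops at "/" or ".", and the visible hunks delete it from auth.c together with the secure_filename declaration in auth.h without showing where it goes. Please state in the patch description where the check now lives and confirm every former caller still runs it before reading a key file.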
=== modified file 'auth.h'
--- auth.h 2007-07-30 09:54:36 +0000
+++ auth.h 2007-08-02 12:02:24 +0000
@@ -166,8 +166,6 @@
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
-int
-secure_filename(FILE *, const char *, struct pa...
2019 Feb 20
3
[PATCH 0/2] Cygwin: allow user and group case-insensitive Unicode strings
Windows usernames are case-insensitive and almost any Unicode character
is allowed in a username. The user should be able to login with her
username given in any case and not be refused. However, this opens up
a security problem in terms of the sshd_config Match rules. The match
rules for user and group names have to operate case-insensitive as well,
otherwise the user can override her settings
2012 Feb 04
8
Potential memory leak in sshd [detected by melton]
Hi all,
After the memory leaks (bug 1967
<https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in
bugzilla are fixed,
I also applied melton (http://lcs.ios.ac.cn/~xuzb/melton.html)
to detect the potential bugs in sshd (openssh-5.9p1).
The url below is the index of bug reports that are checked as real
bugs manually.
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
http://bugzilla.mindrot.org/show_bug.cgi?id=938
Summary: "AllowGroups" option and secondary user's groups limit
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at
2020 Jun 11
2
pointer subtraction on arm for 8.3p1
...44 in copy_set_server_options (dst=0x7f75aec0 <options>,
src=0xbecbf3a8, preauth=0) at servconf.c:2546
#10 0x7f66a418 in parse_server_match_config (options=0x7f75aec0
<options>, includes=0x7f759050 <includes>, connectinfo=0x7f759b10
<ci>) at servconf.c:2428
#11 0x7f6721ac in getpwnamallow (ssh=0x7fff8a88, user=0x7ffeeab0
"root") at auth.c:575
#12 0x7f688d34 in mm_answer_pwnamallow (ssh=0x7fff8a88, sock=6,
m=0x7fffa1e8) at monitor.c:732
#13 0x7f687f40 in monitor_read (ssh=0x7fff8a88, pmonitor=0x7ffef670,
ent=0x7f759644 <mon_dispatch_proto20+24>, pent=0xbecc0648) at
mo...
2004 Sep 07
0
Please review openssh patch for selinux
...#39;\0';
+#endif
+
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
authctxt->user = user;
authctxt->style = style;
+#ifdef WITH_SELINUX
+ authctxt->role = role;
+#endif
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
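Review bot: authctxt->role = role; is assigned before the "Verify that the user is a valid user" step and is kept whatever getpwnamallow() returns, with no check on the value in the visible lines. Please document the accepted role syntax next to the parsing code and make sure the role is validated for the verified user before anything consumes authctxt->role.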
diff -u --new-file --recursive openssh-3.9p1_vanilla/auth2.c openssh-3.9p1_selinux/auth2.c
--- openssh-3.9p1_vanilla/auth2.c 2004-08-12 14:40:25.000000000 +0200
+++ openssh-3.9p1_selinux/auth2.c 2004-09-07 18:06:25.000000000 +0200
@@ -133,6 +133,9 @@
Authctxt *authctxt = ctxt;...