search for: kbdintctxt

...emoved altogether, the limit seems quite arbitrary, but here is a patch to not send > 100 prompts. With this patch, the test in the info_response code could actually be removed. --- auth2-chall.c.orig Wed Jun 26 18:40:14 2002 +++ auth2-chall.c Wed Jun 26 18:42:54 2002 @@ -217,6 +217,8 @@ if (kbdintctxt->device->query(kbdintctxt->ctxt, &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) return 0; + if (kbdintctxt->nreq > 100) + fatal("send_userauth_info_request: too many prompts"); packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); pack...

https://bugzilla.mindrot.org/show_bug.cgi?id=983 --- Comment #51 from Petr Lautrbach <plautrba at redhat.com> 2012-03-28 02:35:54 EST --- Created attachment 2138 --> https://bugzilla.mindrot.org/attachment.cgi?id=2138 fixes of original patch (In reply to comment #46) > Created attachment 2096 [details] > Updated version of original patch. Fix missing braces around block in

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1930 --- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:24 EST --- Retarget unresolved

...by the remote user with the PAM module seems only to treat the authctxt->valid case (i.e. when the getpwnam() returns a real acct). This seems to make the fakepw() case above pointless (and prevents my captive acct scenario from working). if (authctxt->valid) { res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); } else { res = -1; } My question is how is the !valid case supposed to work? Is this just an oversight in the OpenSSH code, or am I missing some other piece of the puzzle (perhaps so...

Hi all, After the memory leaks (bug 1967 <https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in bugzilla are fixed, I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html) to detect the potential bugs in sshd (openssh-5.9p1). The url below is the index of bug reports that are checked as real bugs manually.

Hello all, during tests of my SecurID patch I found a small mistake (maybe) in initialization of kbd-int devices. When kbdintctxt->device->init_ctx(authctxt) returns NULL whole challenge response authentication is stopped regardless availability of next devices. Small patch solving this situation is attached. ____________________________________________________________ Vyzkou?ejte pohodl? kontaktn?ch ?o?ek ACUVUE, nej...

...Index: usr.bin/ssh/auth.h =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth.h,v retrieving revision 1.58 diff -u -r1.58 auth.h --- usr.bin/ssh/auth.h 2006/08/18 09:15:20 1.58 +++ usr.bin/ssh/auth.h 2006/09/18 09:35:53 @@ -61,6 +61,7 @@ void *kbdintctxt; #ifdef BSD_AUTH auth_session_t *as; + char **auth_env_mod; /* env changes requested by login script */ #endif #ifdef KRB5 krb5_context krb5_ctx; @@ -122,6 +123,12 @@ int auth_krb5_password(Authctxt *authctxt, const char *password); void krb5_cleanup_proc(Authctxt *authctxt); #endif /*...

http://bugzilla.mindrot.org/show_bug.cgi?id=702 Summary: dont call userauth_finish after auth2_challenge_stop Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2876 Bug ID: 2876 Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

...uth.h --- openssh-3.9p1_vanilla/auth.h 2004-05-24 02:36:23.000000000 +0200 +++ openssh-3.9p1_selinux/auth.h 2004-09-07 18:03:09.000000000 +0200 @@ -57,6 +57,9 @@ char *service; struct passwd *pw; /* set if 'valid' */ char *style; +#ifdef WITH_SELINUX + char *role; +#endif void *kbdintctxt; #ifdef BSD_AUTH auth_session_t *as; diff -u --new-file --recursive openssh-3.9p1_vanilla/auth1.c openssh-3.9p1_selinux/auth1.c --- openssh-3.9p1_vanilla/auth1.c 2004-08-12 14:40:25.000000000 +0200 +++ openssh-3.9p1_selinux/auth1.c 2004-09-07 18:04:03.000000000 +0200 @@ -284,6 +284,9 @@ { u_i...