search for: login_cap_t

...ed to me directly, as I'm not on the list ] -------------- next part -------------- diff -ruN openssh-2.2.0p1.orig/session.c openssh-2.2.0p1/session.c --- openssh-2.2.0p1.orig/session.c Tue Aug 29 18:21:22 2000 +++ openssh-2.2.0p1/session.c Mon Sep 4 11:47:10 2000 @@ -125,6 +125,8 @@ static login_cap_t *lc; #endif +static char *saved_command = 0; + /* * Remove local Xauthority file. */ @@ -377,8 +379,11 @@ packet_integrity_check(plen, 0, type); } if (forced_command != NULL) { + saved_command = command; command = forced_command; debug("Forced command '%.5...

...ormatting requirements for any libcrypt mechanism, I modified libcrypt instead. The diff is pasted below strictly for viewing, the uuencoded version is below that. In libcrypt, I use getpwuid_r(getuid(), ...) to get a pwd structure for the current user. Then, I use login_getpwclass() to return a login_cap_t structure and use login_getcapnum(...,"ln_rounds",...) to grab the value for ln_rounds in login.conf. The only drawback to this approach is that it grabs the entry for the current user rather than the user whose password is being changed. Normally, root will have a higher cost value...

...val tv; @@ -1254,6 +1254,7 @@ if (tv.tv_sec >= pw->pw_expire) return 0; } +#endif /* !__FreeBSD__ */ /* We found no reason not to let this user try to log on... */ return 1; } @@ -1268,6 +1269,12 @@ struct passwd *pw, pwcopy; int plen, ulen; char *user; +#ifdef LOGIN_CAP + login_cap_t *lc; + char *hosts; + const char *from_host, *from_ip; + int denied; +#endif /* LOGIN_CAP */ /* Get the name of the user that we wish to log in as. */ packet_read_expect(&plen, SSH_CMSG_USER); @@ -1338,6 +1345,38 @@ packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",...

...h: 1.2.27 pat 1.2.1*,1.2.2*,1.2.3* debug1: Local version string SSH-1.99-OpenSSH_3.3 unable to set user context: Bad file descriptor gdb says: #0 0x805c8c3 in do_setusercontext (pw=0x813c000) at session.c:1164 1164 if (setusercontext(lc, pw, pw->pw_uid, (gdb) print lc $1 = (login_cap_t *) 0x0 (gdb) print *pw $2 = {pw_name = 0x8141000 "sshd", pw_passwd = 0x8141005 "", pw_uid = 10658, pw_gid = 1010, pw_change = 0, pw_class = 0x8141007 "", pw_gecos = 0x8141008 "SSH,,,", pw_dir = 0x814100f "/var/empty", pw_shell = 0x814101a "n...

...tream: switch over to the new authorized_keys options API and") dropped the 'allowed pty' option when the password has expired. By adding this hack here, I got it back to the old behavior: --- a/auth-passwd.c +++ b/auth-passwd.c @@ -62,6 +62,7 @@ extern ServerOptions options; extern login_cap_t *lc; #endif +extern struct sshauthopt *auth_opts; #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ @@ -122,8 +123,11 @@ auth_password(struct ssh *ssh, const char *password) } #endif result = sys_auth_passwd(ssh, password); - if...

...a(void); +extern Buffer loginmsg; /* original command from peer. */ const char *original_command = NULL; @@ -103,10 +104,6 @@ #define MAX_SESSIONS 10 Session sessions[MAX_SESSIONS]; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg; -#endif /* WITH_AIXAUTHENTICATE */ - #ifdef HAVE_LOGIN_CAP login_cap_t *lc; #endif @@ -770,10 +767,13 @@ if (options.use_pam && !is_pam_password_change_required()) print_pam_messages(); #endif /* USE_PAM */ -#ifdef WITH_AIXAUTHENTICATE - if (aixloginmsg && *aixloginmsg) - printf("%s\n", aixloginmsg); -#endif /* WITH_AIXAUTHENTICATE */...

...?cnica | P?. Duque Saldanha, 1, 7? E / 1050-094 Lisboa / Portugal | Tel: +351 2 1010 0000 - Fax: +351 2 1010 4459 -------------- next part -------------- --- openssh-2.3.0p1/session.c Sat Oct 28 04:19:58 2000 +++ openssh-2.3.0p1-chroot/session.c Wed Jan 3 19:29:11 2001 @@ -159,6 +159,8 @@ static login_cap_t *lc; #endif +#define CHROOT + /* * Remove local Xauthority file. */ @@ -1011,6 +1013,10 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ #ifdef WITH_IRIX_PROJECT prid_t projid; #endif /* WITH_IRIX_PR...

...+ #ifdef HAVE_SETUSERCONTEXT + #include <login_cap.h> + #endif + #if defined(HAVE_USERSEC_H) #include <usersec.h> #endif *************** *** 900,905 **** --- 904,912 ---- #ifdef WITH_IRIX_PROJECT prid_t projid; #endif /* WITH_IRIX_PROJECT */ + #ifdef HAVE_SETUSERCONTEXT + login_cap_t *lc; + #endif /* HAVE_SETUSERCONTEXT */ /* login(1) is only called if we execute the login shell */ if (options.use_login && command != NULL) *************** *** 927,932 **** --- 934,940 ---- /* Login(1) does this as well, and it needs uid 0 for the "-h" switch,...

...ill expire/has expired" messages */ +Buffer login_message; /* message to be displayed after login */ +int password_change_required = 0; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg; -#endif /* WITH_AIXAUTHENTICATE */ +void do_tty_change_password(struct passwd *); #ifdef HAVE_LOGIN_CAP login_cap_t *lc; @@ -456,10 +457,11 @@ #if defined(USE_PAM) do_pam_session(s->pw->pw_name, NULL); do_pam_setcred(1); - if (is_pam_password_change_required()) +#endif /* USE_PAM */ + + if (password_change_required) packet_disconnect("Password change required but no " "TTY ava...

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.