Displaying 20 results from an estimated 65 matches for "loginmsg".
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
Hi All.
I've decided to try to merge the -Portable parts of the password expiry
patch (see bug #14) that do not depend on the OpenBSD change in bug #463.
The attached patch is the first step in this process. It removes the
AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral
"Buffer loginmsg". I think this is worth having in -Portable even if it
does not make it to OpenBSD.
Does anyone see any problems with or have any objections to this patch?
-Daz.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69...
2008 Jul 09
2
loginmsg bug
Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html
This Mrdkaaa character claims to have exploited this, but does not say
how.
The issue is that if do_pam_account() fails, do_authloop() will call
packet_disconnect() with loginmsg as the format string (classic
printf(foo) instead of printf("%s", foo) bug).
The stuff that do_authloop() appends to loginmsg is harmless (the user
name is safe, since at this point we know the account exists). The
question is, what does loginmsg contain before do_authloop()?
Can login...
2001 Apr 25
0
Functionality bug (possibly) in openssh on AIX 4.3
...ext part --------------
*** auth.c Tue Apr 24 16:01:02 2001
--- ../openssh-2.5.2p2/auth.c Mon Mar 19 13:15:57 2001
***************
*** 142,164 ****
}
#ifdef WITH_AIXAUTHENTICATE
! if ((pw->pw_uid != 0) && (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0)) {
! if (loginmsg && *loginmsg) {
! /* Remove embedded newlines (if any) */
! char *p;
! for (p = loginmsg; *p; p++) {
! if (*p == '\n')
!...
2001 Apr 26
2
Functionality bug (possibly) in openssh on AIX 4.3 (fwd)
...the box as
root.
[...]
*** auth.c Tue Apr 24 16:01:02 2001
--- ../openssh-2.5.2p2/auth.c Mon Mar 19 13:15:57 2001
***************
*** 142,164 ****
}
#ifdef WITH_AIXAUTHENTICATE
! if ((pw->pw_uid != 0) && (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0)) {
! if (loginmsg && *loginmsg) {
! /* Remove embedded newlines (if any) */
! char *p;
! for (p = loginmsg; *p; p++) {
! if (*p == '\n')
!...
2002 Oct 13
1
[PATCH] AIX password expiration
...word_change_required;
+#endif
+
/*
* Check if the user is allowed to log in via ssh. If user is listed
* in DenyUsers or one of user's groups is listed in DenyGroups, false
@@ -202,19 +208,39 @@
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
- if (loginmsg && *loginmsg) {
- /* Remove embedded newlines (if any) */
- char *p;
- for (p = loginmsg; *p; p++) {
- if (*p == '\n')
- *p = ' ';
+ /*
+ * Don't check loginrestrictions or expiry for root account (use
+ * PermitRootLogin to contro...
2000 May 15
1
AIX authenticate patches
..."
#include "channels.h"
#include "match.h"
+#ifdef HAVE_LOGIN_H
+#include <login.h>
+#endif
#include "bufaux.h"
#include "ssh2.h"
@@ -111,8 +114,20 @@
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg) != 0)
+ if (loginrestrictions(pw->pw_name,S_RLOGIN,NULL,&loginmsg) != 0) {
+ if (loginmsg && *loginmsg) {
+ /* Remove embedded newlines (if any) */
+ char *p;
+ for (p = loginmsg; *p; p++)
+ if (*p == '\n')
+ *p = ' ';
+ /* Remove trailing newline */...
2001 Nov 05
2
Security - ssh allows unintended access on AIX
..., access
should be denied.
Being a simple soul, I have added a routine passwdexpires ( AIX Lib )
directly after loginrestrictions with the same code. I think this should
be urgently added to the code - hope this helps.
auth.c
/* mpi change expiresmsg */
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
char *expiresmsg;
int passexpcode;
#endif /* WITH_AIXAUTHENTICATE */
#ifdef WITH_AIXAUTHENTICATE
auth.c
/* mpi change passwdexpires hinein */
if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) !=
0) {
if (loginmsg && *loginms...
2005 Sep 21
23
[Bug 1087] SSH fails to show PAM password expiry message from LDAP on login
http://bugzilla.mindrot.org/show_bug.cgi?id=1087
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|Portable OpenSSH |
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2006 Feb 16
2
PAM and passwd age warnings again.
...2p1.old/monitor.c Sun Jul 17 03:53:31 2005
+++ openssh-4.2p1.new/monitor.c Tue Dec 20 09:10:04 2005
@@ -1716,6 +1716,11 @@
child_state.input = buffer_get_string(&m, &child_state.ilen);
child_state.output = buffer_get_string(&m, &child_state.olen);
+ /* Let's not forget our loginmsg, now, eh? */
+ p = buffer_get_string (&m, &plen);
+ if (plen) buffer_append (&loginmsg, p, plen);
+ xfree (p);
+
buffer_free(&m);
}
diff -Naur openssh-4.2p1.old/monitor_wrap.c openssh-4.2p1.new/monitor_wrap.c
--- openssh-4.2p1.old/monitor_wrap.c Sun Jul 17 03:53:31 2005
+++ ope...
2002 Mar 21
0
[Bug 178] New: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug
...file: /usr/local/.cvs/auth/openssh/auth.c,v
retrieving revision 1.1.1.5
diff -c -r1.1.1.5 auth.c
*** auth.c 2002/03/08 07:55:38 1.1.1.5
--- auth.c 2002/03/15 12:54:01
***************
*** 177,183 ****
}
#ifdef WITH_AIXAUTHENTICATE
! if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
--- 177,190 ----
}
#ifdef WITH_AIXAUTHENTICATE
! /*
! * To let the user read a possible message in /etc/nologin we have to
! * accept him here. Otherwise the message will just b...
2002 Aug 22
7
[Bug 383] PublicKeyAuthentication failure when rlogin set to false
http://bugzilla.mindrot.org/show_bug.cgi?id=383
------- Additional Comments From markus at openbsd.org 2002-08-23 07:46 -------
what does "rlogin set to false" mean?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 May 10
7
[Bug 463] PrintLastLog doesn't work in privsep mode
http://bugzilla.mindrot.org/show_bug.cgi?id=463
------- Additional Comments From dtucker at zip.com.au 2003-05-10 12:59 -------
I've had a look at the OpenBSD source and I don't think OpenBSD *needs* a
"Buffer loginmsg" right now. PrintLastLog can be easily fixed by updating
s->last_login_time before the privsep split.
So, is there another reason OpenBSD needs (or wants) a "Buffer loginmsg"? Or
should it be -portable only? Have I overlooked something? And what's the
feeling on the mo...
2002 Sep 29
0
[PATCH] Only call loginrestiction on AIX if running as root
...=======================
RCS file: /cvs/openssh/auth.c,v
retrieving revision 1.58
diff -u -r1.58 auth.c
--- auth.c 21 Sep 2002 15:26:53 -0000 1.58
+++ auth.c 29 Sep 2002 05:53:43 -0000
@@ -202,7 +202,7 @@
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+ if ((geteuid()==0) && loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
2009 May 03
10
[Bug 1595] New: Server option PrintLastLog does not work on AIX
...success() call (which
writes a new login record), the last login record can be retrieved by
that very same call.
If we look at port-aix.c, we can see the following:
if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0)
{
success = 1;
if (msg != NULL && loginmsg != NULL && !msg_done) {
debug("AIX/loginsuccess: msg %s", msg);
buffer_append(loginmsg, msg, strlen(msg));
xfree(msg);
msg_done = 1;
}
}
The pointer "msg" points to the new...
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
Hi All.
Attached is a patch that converts pam_chauthtok_conv into a generic
pam_tty_conv, which is used rather than null_conv for do_pam_session.
This allows, for example, display of messages from PAM session modules.
The accumulation of PAM messages into loginmsg won't help until there is
a way to collect loginmsg from the monitor (see, eg, the patches for bug
#463). This is because the authentication is postponed and the messages
will be collected after the post-auth privsep split.
Comments? OK?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8F...
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
...;servconf.h"
#include "auth.h"
+#include "auth-options.h"
+#include "misc.h"
+#include "buffer.h"
#include "openbsd-compat/xcrypt.h"
#ifdef WITH_AIXAUTHENTICATE
# include "buffer.h"
# include "canohost.h"
-extern Buffer loginmsg;
#endif
extern ServerOptions options;
+extern Buffer loginmsg;
+int password_change_required = 0;
/*
* Tries to authenticate the user using password. Returns true if
@@ -168,4 +172,81 @@
}
# endif
#endif /* !HAVE_OSF_SIA */
+}
+
+/*
+ * Perform generic password change via tty. Like d...
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...ned(HAVE_OSF_SIA)
/* Don't need any of these headers for the PAM or SIA cases */
@@ -81,8 +83,10 @@
#endif /* !USE_PAM && !HAVE_OSF_SIA */
extern ServerOptions options;
+extern Buffer login_message;
+extern int password_change_required;
#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
+void aix_remove_embedded_newlines(char *);
#endif
/*
@@ -149,13 +153,23 @@
#endif
#ifdef WITH_AIXAUTHENTICATE
authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+ aix_remove_embedded_newlines(authmsg);
- if (authsuccess)
+ if (authsuccess) {
+ char *m...
2001 Mar 18
2
char *getusershell();
...in the compilation of "auth.c".
*** openssh_cvs/auth.c- Sun Mar 18 12:52:30 2001
--- openssh_cvs/auth.c Sun Mar 18 13:32:20 2001
***************
*** 57,63 ****
allowed_user(struct passwd * pw)
{
struct stat st;
! char *shell, *cp;
int i;
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
--- 57,63 ----
allowed_user(struct passwd * pw)
{
struct stat st;
! char *shell, *cp, *getusershell();
int i;
#ifdef WITH_AIXAUTHENTICATE
char *loginmsg;
-- ayamura
2009 May 03
0
Server option PrintLastLog does not work on AIX
...ginsuccess() call (which writes a new login record), the last login record can be retrieved by that very same call.
If we look at port-aix.c, we can see the following:
if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
success = 1;
if (msg != NULL && loginmsg != NULL && !msg_done) {
debug("AIX/loginsuccess: msg %s", msg);
buffer_append(loginmsg, msg, strlen(msg));
xfree(msg);
msg_done = 1;
}
}
The pointer "msg" points to the new...
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
...fer.h"
#include "xmalloc.h"
#include "canohost.h"
+#include "misc.h"
+#include "auth-options.h"
#if !defined(HAVE_OSF_SIA)
/* Don't need any of these headers for the SIA cases */
@@ -82,6 +84,7 @@
extern ServerOptions options;
extern Buffer loginmsg;
+int password_change_required = 0;
/*
* Tries to authenticate the user using password. Returns true if
@@ -248,4 +251,81 @@
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
#endif /* !HAVE_OSF_SIA */
+}
+
+...