search for: m_recvfd

...; #endif +static int monitor_read_log(struct monitor *); + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -346,6 +357,10 @@ monitor_child_preauth(Authctxt *_authctx debug3("preauth child monitor started"); + close(pmonitor->m_recvfd); + close(pmonitor->m_log_sendfd); + pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1; + authctxt = _authctxt; memset(authctxt, 0, sizeof(*authctxt)); @@ -405,6 +420,10 @@ monitor_child_preauth(Authctxt *_authctx #endif } + /* Drain any buffered messages from the child */ + whil...

...ntAliveInterval: * monitor_wrap.c:720:dead_error_line ? Execution cannot reach this statement "close(tmp2);".o --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -714,10 +714,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || (tmp2 = dup(pmonitor->m_recvfd)) == -1) { error("%s: cannot allocate fds for pty", __func__); - if (tmp1 > 0) + if (tmp1 > -1) close(tmp1); - if (tmp2 > 0) -...

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...emptydir, strerror(errno)); + pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); + /* Wait for the child to chdir then remove the directory */ + if (read(pmonitor->m_recvfd, &status, 1) < 0) + fatal("read(): %s", strerror(errno)); + if (rmdir(emptydir) < 0) + fatal("rmdir(\"%s\"): %s", emptydir, strerror(errno)); + close(pmonitor->m_recvfd); authctxt = monitor_child_preauth(pmonitor); close(pmonitor->m_sendfd...

...s + * chauthtok() + * + * This MUST be called before the session has acquired its controlling + * tty or the chauthtok child will not be able to acquire it and + * will fail. + */ + +void +mm_do_pam_chauthtok(void) +{ + int result; + Buffer m; + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_CHAUTHTOK, &m); + mm_send_fd(pmonitor->m_recvfd, STDIN_FILENO); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_CHAUTHTOK, &m); + + buffer_free(&m); +} #endif /* USE_PAM */ /* Request process termination */ Index: monitor_wrap.h ===============...

...d"); + return (NULL); +} + +int +mm_pam_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + int res; + char *challenge; + + debug3("%s: entering", __FUNCTION__); + + buffer_init(&m); + mm_request_send(monitor->m_recvfd, MONITOR_REQ_PAMQUERY, &m); + + mm_request_receive_expect(monitor->m_recvfd, MONITOR_ANS_PAMQUERY, &m); + res = buffer_get_int(&m); + if (res == -1) { + debug3("%s: no challenge", __FUNCTION__); + buffer_free(&m); + return (-1); + } + + /* Get the challenge, and form...

...00:23:03 -0000 1.13 +++ monitor_wrap.c 2 Jul 2002 02:19:36 -0000 @@ -830,6 +830,85 @@ return ((authok == 0) ? -1 : 0); } +void * +mm_sshpam_init_ctx(struct Authctxt *authctxt) +{ + Buffer m; + + debug3("%s: entering", __func__); + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + + return (authctxt); +} + +int +mm_sshpam_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + int res; + char *challenge; + + debug3("%s: entering", __func__); + + buffer_init(&m)...

...2:34:11 -0000 @@ -663,6 +663,25 @@ buffer_free(&m); } + +void +mm_do_pam_chauthtok(void) +{ + Buffer m; + int ttyfd; + + buffer_init(&m); + + if ((ttyfd = open(_PATH_TTY, O_RDWR)) < 0) + fatal("%s: can't open %s", __func__, _PATH_TTY); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_CHAUTHTOK, &m); + mm_send_fd(pmonitor->m_recvfd, 0); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_CHAUTHTOK, &m); + close(ttyfd); + + buffer_free(&m); +} #endif /* USE_PAM */ /* Request process termination */ Index: monitor_wrap.h ==========...

...:43 -0000 1.12 +++ monitor_wrap.c 25 Jun 2002 01:42:14 -0000 @@ -830,6 +830,81 @@ return ((authok == 0) ? -1 : 0); } +void * +mm_sshpam_init_ctx(struct Authctxt *authctxt) +{ + Buffer m; + + debug3("%s: entering", __FUNCTION__); + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + + return (authctxt); +} + +int +mm_sshpam_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + int res; + char *challenge; + + debug3("%s: entering", __FUNCTION__); + + buffer_init(&am...

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

...**userp, void *resp) +{ + krb5_data *tkt, *reply; + Buffer m; + int success; + + debug3("%s entering", __func__); + tkt = (krb5_data *) argp; + reply = (krb5_data *) resp; + + buffer_init(&m); + buffer_put_string(&m, tkt->data, tkt->length); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); + + success = buffer_get_int(&m); + if (success) { + unsigned int len; + + *userp = buffer_get_string(&m, NULL); + reply->data = buffer_get_string(&m, &len); + reply->...

...2 14:51:17 2003 +++ openssh-3.7.1p2/monitor_wrap.c Tue Oct 7 08:22:01 2003 @@ -165,13 +165,13 @@ buffer_init(&m); buffer_put_int(&m, kex->host_key_index(key)); - buffer_put_string(&m, data, datalen); + buffer_put_binary(&m, data, datalen); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); - *sigp = buffer_get_string(&m, lenp); + *sigp = buffer_get_binary(&m, lenp); buffer_free(&m); return (0)...

...if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %ld", (long)pmonitor->m_pid); + verbose("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 185 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/atta...

...t;fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %ld", (long)pmonitor->m_pid); + verbose("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 185 bytes Desc: not available Url : http://lists.mindrot.org/pipe...

...tor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); - } else { mon_dispatch = mon_dispatch_postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); @@ -1586,3 +1600,77 @@ mon->m_recvfd = pair[0]; mon->m_sendfd = pair[1]; } + +#ifdef GSSAPI +int +mm_answer_gss_setup_ctx(int socket, Buffer *m) +{ + gss_OID_desc oid; + OM_uint32 major; + u_int len; + + oid.elements = buffer_get_string(m, &len); + oid.length = len; + + major = ssh_gssapi_server_ctx(&gsscontext, &oid...

...m, buffer_ptr(&input), buffer_len(&input)); buffer_put_string(&m, buffer_ptr(&output), buffer_len(&output)); + /* Let's not forget our loginmsg, now, eh? */ + buffer_put_string(&m, buffer_ptr(&loginmsg), buffer_len(&loginmsg)); + mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, &m); debug3("%s: Finished sending state", __func__);

...@@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) Index: monitor_wrap.h =================================================================== RCS file: /var/cvs/openssh/monitor_wrap.h,v retrieving revision 1.6 diff -u -r1.6 monitor_...

...@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("mm_setup_sia: entering"); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) Index: monitor_wrap.h =================================================================== RCS file: /var/cvs/openssh/monitor_wrap.h,v retrieving revision 1.6 diff -u -r1.6 monitor_...

...@@ -649,6 +649,24 @@ s->ttyfd = -1; } +#ifdef HAVE_OSF_SIA +void +mm_setup_sia(char *name, char *tty) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_cstring(&m, name); + buffer_put_cstring(&m, tty); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SETUP_SIA, &m); + + buffer_free(&m); +} +#endif + #ifdef USE_PAM void mm_start_pam(char *user) diff -ur openssh-3.4p1/monitor_wrap.h openssh-3.4p1+/monitor_wrap.h --- openssh-3.4p1/monitor_wrap.h Sun May 12 21:07:42 2002 +++ openssh-3.4p1+/monitor_wrap.h Sun Jul 21 22:53:14...

https://bugzilla.mindrot.org/show_bug.cgi?id=2140 Bug ID: 2140 Summary: Capsicum support for FreeBSD 10 (-current) Product: Portable OpenSSH Version: -current Hardware: All OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at