Displaying 15 results from an estimated 15 matches for "mon_once".
2006 Feb 12
1
sshd double-logging
...t},
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
- {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
+ {MONITOR_REQ_PAM_RESPOND, MON_AUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
#ifdef SSH_AUDIT_EVENTS
@@ -231,8 +231,8 @@ struct mon_table mon_dispatch_proto15[]
{MONITOR_REQ_SESSKEY, MON_ONCE, mm_answer_sesskey},
{MONITOR_REQ_SESSID, MON_ONCE, mm_answer_sessid},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_...
2006 Sep 14
6
sshd audit not happy with ssh1 and scp
...37]: fatal: mm_request_send: write:
Broken pipe
Sep 12 14:13:16 <console.info> bm55 kernel: Sep 12 14:13:16 <auth.crit> bm55
sshd[12337]: fatal: mm_request_send: write: Broken pipe
I tracked these down to the audit event handling for ssh1. Changing ssh1 to
use MON_PERMIT instead of MON_ONCE (ssh2 uses MON_PERMIT) for
REQ_AUDIT_COMMAND fixes it (well, shuts up the warnings):
==== //depot/yahoo/ybsd_6/src/crypto/openssh/monitor.c#4 (text+ko) ====
@@ -272,7 +272,7 @@
{MONITOR_REQ_TERM, 0, mm_answer_term},
#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answe...
2002 Jun 28
0
Newer OSF patch.
...29:09 -0000
@@ -120,6 +120,10 @@
int mm_answer_pam_start(int, Buffer *);
#endif
+#ifdef HAVE_OSF_SIA
+int mm_answer_setup_sia(int, Buffer *);
+#endif
+
static Authctxt *authctxt;
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
@@ -154,6 +158,9 @@
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia},
+#endif
#ifdef USE_PAM
{MONITOR_REQ_PAM_START...
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
...80,9 @@
{MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, 0, mm_answer_setup_sia},
+#endif
{0, 0, NULL}
};
@@ -206,6 +213,9 @@
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia},
+#endif
{0, 0, NULL}
};
@@ -307,10 +317,16 @@
monitor_permit(mon_dispatch, MONITOR...
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
...80,9 @@
{MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, 0, mm_answer_setup_sia},
+#endif
{0, 0, NULL}
};
@@ -206,6 +213,9 @@
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia},
+#endif
{0, 0, NULL}
};
@@ -307,10 +317,16 @@
monitor_permit(mon_dispatch, MONITOR...
2016 Sep 05
2
GSSAPI monitor hardening
...r_gss_setup_ctx},
- {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
- {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
- {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
+ {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
+ {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
#endif
{0, 0, NULL}
};
2002 Jul 02
3
New PAM kbd-int diff
...d *sshpam_init_ctx(Authctxt *);
+extern int sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
+extern int sshpam_respond(void *, u_int , char **);
+extern void sshpam_free_ctx(void *);
#endif
static Authctxt *authctxt;
@@ -155,7 +166,11 @@
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
+ {MONITOR_REQ_PAM_INIT_CTX, MON_ONCE, mm_answer_sshpam_init_ctx},
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
+ {MONITOR_REQ_PAMQUERY, MON_ISAUTH, mm_answer_sshp...
2004 Sep 07
0
Please review openssh patch for selinux
...@
int mm_answer_sesskey(int, Buffer *);
int mm_answer_sessid(int, Buffer *);
+#ifdef WITH_SELINUX
+int mm_answer_authrole(int, Buffer *);
+#endif
+
#ifdef USE_PAM
int mm_answer_pam_start(int, Buffer *);
int mm_answer_pam_account(int, Buffer *);
@@ -178,6 +182,9 @@
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
+#ifdef WITH_SELINUX
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
+#endif
#ifdef USE_PAM
{MONITOR_REQ_PAM_START,...
2002 Jun 25
4
PAM kbd-int with privsep
...d *sshpam_init_ctx(Authctxt *);
+extern int sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
+extern int sshpam_respond(void *, u_int , char **);
+extern void sshpam_free_ctx(void *);
#endif
static Authctxt *authctxt;
@@ -155,7 +166,11 @@
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
+ {MONITOR_REQ_PAM_INIT_CTX, 0, mm_answer_sshpam_init_ctx},
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
+ {MONITOR_REQ_PAMQUERY, MON_ISAUTH, mm_answer_sshpamquery...
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
...80,9 @@
{MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, 0, mm_answer_setup_sia},
+#endif
{0, 0, NULL}
};
@@ -206,6 +213,9 @@
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef HAVE_OSF_SIA
+ {MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia},
+#endif
{0, 0, NULL}
};
@@ -307,10 +317,16 @@
monitor_permit(mon_dispatch, MONITOR...
2002 Jul 31
2
privsep+kerb5+ssh1
...2
@@ -121,6 +121,10 @@
int mm_answer_pam_chauthtok(int, Buffer *);
#endif
+#ifdef KRB5
+int mm_answer_krb5(int, Buffer *);
+#endif
+
static Authctxt *authctxt;
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
@@ -201,6 +205,9 @@
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
#endif
+#ifdef KRB5
+ {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
+#endif
{0, 0, NULL}
};
@@ -1333,6 +1340,42 @@
return (success);
}
+
+#ifdef KRB5
+int
+mm_answer_krb5(int socket, Buffer *m)
+{
+ krb5_data tkt, reply;
+ char *client_user;
+ unsign...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...@@
{MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef USE_PAM
+ {MONITOR_REQ_PAM_CHAUTHTOK, 0, mm_answer_pam_chauthtok},
+#endif
{0, 0, NULL}
};
@@ -219,6 +223,9 @@
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef USE_PAM
+ {MONITOR_REQ_PAM_CHAUTHTOK, 0, mm_answer_pam_chauthtok},
+#endif
{0, 0, NULL}
};
@@ -328,6 +335,7 @@
if (!no_pty_flag) {
monitor_permit(mon_...
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...@@
{MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef USE_PAM
+ {MONITOR_REQ_PAM_CHAUTHTOK, 0, mm_answer_pam_chauthtok},
+#endif
{0, 0, NULL}
};
@@ -219,6 +223,9 @@
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
+#ifdef USE_PAM
+ {MONITOR_REQ_PAM_CHAUTHTOK, 0, mm_answer_pam_chauthtok},
+#endif
{0, 0, NULL}
};
@@ -328,6 +335,7 @@
if (!no_pty_flag) {
monitor_permit(mon_...
2003 Aug 10
9
updated gssapi diff
...API
+int mm_answer_gss_setup_ctx(int, Buffer *);
+int mm_answer_gss_accept_ctx(int, Buffer *);
+int mm_answer_gss_userok(int, Buffer *);
+#endif
static Authctxt *authctxt;
static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
@@ -168,6 +178,11 @@
#ifdef KRB5
{MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
#endif
+#ifdef GSSAPI
+ {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
+ {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+#endif
{0, 0, NULL}
};
@@ -320,7 +335,6 @@
m...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |