search for: monitor_req_term

...ndif +#ifdef HAVE_OSF_SIA +int mm_answer_setup_sia(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -176,6 +180,9 @@ {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef HAVE_OSF_SIA + {MONITOR_REQ_SETUP_SIA, 0, mm_answer_setup_sia}, +#endif {0, 0, NULL} }; @@ -206,6 +213,9 @@ {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_te...

...ndif +#ifdef HAVE_OSF_SIA +int mm_answer_setup_sia(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -176,6 +180,9 @@ {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef HAVE_OSF_SIA + {MONITOR_REQ_SETUP_SIA, 0, mm_answer_setup_sia}, +#endif {0, 0, NULL} }; @@ -206,6 +213,9 @@ {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_te...

...ndif +#ifdef HAVE_OSF_SIA +int mm_answer_setup_sia(int, Buffer *); +#endif + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -176,6 +180,9 @@ {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef HAVE_OSF_SIA + {MONITOR_REQ_SETUP_SIA, 0, mm_answer_setup_sia}, +#endif {0, 0, NULL} }; @@ -206,6 +213,9 @@ {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_te...

...his. -- albert chin (china at thewrittenword.com) -- snip snip --- monitor.h.orig Tue Jun 4 18:49:51 2002 +++ monitor.h Tue Jun 4 18:49:58 2002 @@ -50,7 +50,7 @@ MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, MONITOR_REQ_PAM_START, - MONITOR_REQ_TERM, + MONITOR_REQ_TERM }; struct mm_master; --- log.h.orig Tue Jun 4 17:51:55 2002 +++ log.h Tue Jun 4 17:52:03 2002 @@ -33,7 +33,7 @@ SYSLOG_FACILITY_LOCAL5, SYSLOG_FACILITY_LOCAL6, SYSLOG_FACILITY_LOCAL7, - SYSLOG_FACILITY_NOT_SET = -1, + SYSLOG_FACILITY_NOT_SET = -1 } SyslogFacil...

...I tracked these down to the audit event handling for ssh1. Changing ssh1 to use MON_PERMIT instead of MON_ONCE (ssh2 uses MON_PERMIT) for REQ_AUDIT_COMMAND fixes it (well, shuts up the warnings): ==== //depot/yahoo/ybsd_6/src/crypto/openssh/monitor.c#4 (text+ko) ==== @@ -272,7 +272,7 @@ {MONITOR_REQ_TERM, 0, mm_answer_term}, #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, #endif {0, 0, NULL} }; I notice that e...

...21 Dec 2002 11:39:06 -0000 @@ -118,6 +118,7 @@ #ifdef USE_PAM int mm_answer_pam_start(int, Buffer *); +int mm_answer_pam_chauthtok(int, Buffer *); #endif #ifdef KRB4 @@ -183,6 +184,9 @@ {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef USE_PAM + {MONITOR_REQ_PAM_CHAUTHTOK, 0, mm_answer_pam_chauthtok}, +#endif {0, 0, NULL} }; @@ -219,6 +223,9 @@ {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answe...

...10 Dec 2002 12:34:11 -0000 @@ -118,6 +118,7 @@ #ifdef USE_PAM int mm_answer_pam_start(int, Buffer *); +int mm_answer_pam_chauthtok(int, Buffer *); #endif #ifdef KRB4 @@ -183,6 +184,9 @@ {MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answer_term}, +#ifdef USE_PAM + {MONITOR_REQ_PAM_CHAUTHTOK, 0, mm_answer_pam_chauthtok}, +#endif {0, 0, NULL} }; @@ -219,6 +223,9 @@ {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_TERM, 0, mm_answe...

Hey, Judging from the (private) responses I?ve got, there is quite a bit of interest in the U2F feature I proposed a while ago. Therefore, I?ve taken some time to resolve the remaining issues, and I think the resulting patch (attached to this email) is in quite a good state now. I also posted the new version of the patch to https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened

...revision 1.8 diff -u -r1.8 monitor.h --- monitor.h 11 Jun 2002 16:42:49 -0000 1.8 +++ monitor.h 28 Jun 2002 20:29:09 -0000 @@ -50,6 +50,7 @@ MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, MONITOR_REQ_PAM_START, + MONITOR_REQ_SETUP_SIA, MONITOR_REQ_TERM }; Index: monitor_wrap.c =================================================================== RCS file: /var/cvs/openssh/monitor_wrap.c,v retrieving revision 1.13 diff -u -r1.13 monitor_wrap.c --- monitor_wrap.c 27 Jun 2002 00:23:03 -0000 1.13 +++ monitor_wrap.c 28 Jun 2002 20:29:12 -0000 @@ -649,...

...-- openssh-3.4p1/monitor.h.krb Tue Jul 23 15:15:43 2002 +++ openssh-3.4p1/monitor.h Tue Jul 23 15:15:43 2002 @@ -51,6 +51,7 @@ MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, MONITOR_REQ_PAM_START, MONITOR_REQ_PAM_CHAUTHTOK, MONITOR_ANS_PAM_CHAUTHTOK, + MONITOR_REQ_KRB5, MONITOR_ANS_KRB5, MONITOR_REQ_TERM }; --- openssh-3.4p1/monitor_wrap.c.krb Tue Jul 23 15:15:43 2002 +++ openssh-3.4p1/monitor_wrap.c Tue Jul 23 15:18:23 2002 @@ -1040,3 +1040,38 @@ return (success); } + +#ifdef KRB5 +int +mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) +{ + krb5_data *tkt, *reply; + Buffer m; +...

...m to be respected by YubiKeys (if I understand > the spec correctly) > Is AppID a better choice for this reason? > > 3) Include paths (probably bug in libu2f-host) > This is https://github.com/Yubico/libu2f-host/issues/13 that you filed. > > 4) What happened to 51? > MONITOR_REQ_TERM = 50, > + MONITOR_REQ_READUSERU2FKEY = 52, MONITOR_ANS_READUSERU2FKEY = 53, > > 5) Why does registration connect to the server anyway, if the server > doesn't keep state and origin is not tied to the server pubkey? > Indeed, without AuthenticationMethods registration return...

...STEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, + {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, +#endif {0, 0, NULL} }; @@ -320,7 +335,6 @@ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); - } else { mon_dispatch = mon_dispatch_postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); @@ -1586,3 +1600,77 @@ mon->m_recvfd = pair[0]; mon->m_sendfd = pair[1]; } + +#ifdef GSSAPI +int +mm_answer_gss_setup_ctx(int socket, Buffer *m) +{ + gss_OID_desc oid; + OM_...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |