search for: nresp

...===================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c ======================================================...

...===================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c ======================================================...

...===================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c ======================================================...

...===================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c ======================================================...

...===================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c ======================================================...

...===================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c ======================================================...

...mpted to change their password. NOTE: "pam_setcred: error Permission denied" errors are still issued when exiting a session. *** auth2-pam.c- Tue Feb 26 15:30:14 2002 --- auth2-pam.c Tue Feb 26 15:31:26 2002 *************** *** 134,141 **** --- 134,143 ---- unsigned int nresp = 0, rlen = 0, i = 0; char *resp; + /* if (authctxt == NULL) fatal("input_userauth_info_response_pam: no authentication context"); + */ nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp);...

...entry: sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass *** auth2-pam.c- Tue Feb 26 15:30:14 2002 --- auth2-pam.c Tue Feb 26 15:31:26 2002 *************** *** 134,141 **** --- 134,143 ---- unsigned int nresp = 0, rlen = 0, i = 0; char *resp; + /* if (authctxt == NULL) fatal("input_userauth_info_response_pam: no authentication context"); + */ nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp); -...

...t;input_userauth_info_response_pam: no authentication context"); - if (authctxt->attempt++ >= AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); + if (authctxt->failures >= AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, authctxt->user); nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp);

...it(0); + + auth_fail: + sshpam_send(ctxt, "!%s", pam_strerror(sshpamh, err)); + pam_end(sshpamh, err); + exit(0); } -void -input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) +void * +sshpam_init_ctx(Authctxt *authctxt) { - Authctxt *authctxt = ctxt; - unsigned int nresp = 0, rlen = 0, i = 0; - char *resp; - - if (authctxt == NULL) - fatal("input_userauth_info_response_pam: no authentication context"); + struct sshpam_ctxt *ctxt; + int socks[2]; + int i; + + debug3("PAM kbd-int init ctx"); + + ctxt = xmalloc(sizeof *ctxt); + ctxt->user = xst...

...1)) X <- model.matrix(fit.model) n <- nrow(X) p <- ncol(X) w <- fit.model$weights W <- diag(w) H <- solve(t(X)%*%W%*%X) H <- sqrt(W)%*%X%*%H%*%t(X)%*%sqrt(W) h <- diag(H) td <- resid(fit.model,type="deviance")/sqrt(1-h) e <- matrix(0,n,100) # for(i in 1:100){ nresp <- rpois(n, fitted(fit.model)) fit <- glm(nresp ~ X , family=poisson) w <- fit$weights W <- diag(w) H <- solve(t(X)%*%W%*%X) H <- sqrt(W)%*%X%*%H%*%t(X)%*%sqrt(W) h <- diag(H) e[,i] <- sort(resid(fit,type="deviance")/sqrt(1-h))} # e1 <- numeric(n) e2 <- numer...

..."); - } - - if(context_pam2.num_received == context_pam2.num_expected) { - *resp = context_pam2.responses; - return PAM_SUCCESS; - } else - return PAM_CONV_ERR; -} - -void -input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) -{ - Authctxt *authctxt = ctxt; - unsigned int nresp = 0, rlen = 0, i = 0; - char *resp; - - if (authctxt == NULL) - fatal("input_userauth_info_response_pam: no authentication context"); - - nresp = packet_get_int(); /* Number of responses. */ - debug("got %d responses", nresp); - - for (i = 0; i < nresp; i++) { - int j = con...

...ctxt->sock = socks[0]; + close(socks[1]); + return (ctxt); } -void -input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) +int +sshpam_query(void *ctx, char **name, char **info, + u_int *num, char ***prompts, u_int **echo_on) { - Authctxt *authctxt = ctxt; - unsigned int nresp = 0, rlen = 0, i = 0; - char *resp; + struct sshpam_ctxt *ctxt = ctx; + char *msg; - if (authctxt == NULL) - fatal("input_userauth_info_response_pam: no authentication context"); + debug3("PAM kbd-int query"); - nresp = packet_get_int(); /* Number of responses. */ - debug(&...

...c == NULL, this line segfaults. Test at 1142 should probably return 1234 If c == NULL, this line segfaults. Test at 1224 should probably return Sshd.c 106 IPv4or6 is an int. Line 136 of channels.c declares a static int for same variable. ??? Auth2-chall.c 261 Test at 246 check for > 0. If nresp == 0, response never gets alloc?ed and is still NULL at line 261. Session.c 1476 There?s several ways that cp could still be NULL by the time it gets to this line. Especially if AIX is defined. Better checking of cp is needed leading up to this line. 2021 Are all session tty members guaranteed...

...;valid case (i.e. when the getpwnam() returns a real acct). This seems to make the fakepw() case above pointless (and prevents my captive acct scenario from working). if (authctxt->valid) { res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); } else { res = -1; } My question is how is the !valid case supposed to work? Is this just an oversight in the OpenSSH code, or am I missing some other piece of the puzzle (perhaps somewhere where valid is supposed to be set)? If this is just a bug, I&...