search for: packet_disconnect

...entity. */ debug("Trying RSA authentication via agent with '%.100s'", comment); - xfree(comment); + if (!options.checkey) xfree(comment); /* Tell the server that we are willing to authenticate using this key. */ packet_start(SSH_CMSG_AUTH_RSA); @@ -107,9 +108,17 @@ packet_disconnect("Protocol error during RSA authentication: %d", type); + /*if -u is enabled print a message and then exit*/ + if (options.checkey) { + snprintf(buf, sizeof(buf), "RSA key '%.100s' is Valid",comment); + xfree(comment); +...

Darren Tucker wrote: > Question is: what to do? > c) make packet_disconnect a real function. I say c. //Peter

...f (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); + loginfailed(authctxt->user,get_canonical_hostname(),"ssh"); #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); }

...hat authentication is needed. */ @@ -408,8 +406,12 @@ client_user = NULL; } - if (attempt > AUTH_FAIL_MAX) + if (attempt > AUTH_FAIL_MAX) { +#ifdef WITH_AIXAUTHENTICATE + loginfailed(pw->pw_name,get_canonical_hostname(),"ssh"); +#endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); + } /* Send a message indicating that the authentication attempt failed. */ packet_start(SSH_SMSG_FAILURE); @@ -430,7 +432,7 @@ unsigned int ulen; char *user; #ifdef WITH_AIXAUTHENTICATE - char *loginmsg; + extern char *aixloginmsg; #endif /* WITH_AIXA...

...ew Fri May 11 16:07:29 2001 *************** *** 2623,2629 **** snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d", channel_forwarded_auth_socket_dir, (int) getpid()); ! if (atexit(cleanup_socket) < 0) { int saved = errno; cleanup_socket(); packet_disconnect("socket: %.100s", strerror(saved)); --- 2623,2633 ---- snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d", channel_forwarded_auth_socket_dir, (int) getpid()); ! /* This is bad...on_exit requires 2 parameters, whereas ! at_exit only takes on...

Folks, During testing, we found a couple of issues with openssh3.0.2p1: 1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c), the foll. check: if (authctxt->failures++ > AUTH_FAIL_MAX) is never satisfied and thus packet_disconnect() never gets called. I suspect the code just drops out of the dispatch_run function list instead. This should be an == instead of >. While looking at the debug output when deliberately entering wrong passwords, I noticed one try for none, three for password, and then three for keyboard-interacti...

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

When I encounter the problem with TCP port forwarding locking up, I'll see this on the client window (if I haven't invoked ssh with -q): chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected This is with Blowfish encryption. I have to kill and restart the client when this happens. Phil

...51,24 +1551,41 @@ get_remote_port(), user); -#ifdef HAVE_LIBPAM - do_pam_account_and_session(pw->pw_name, client_user); +#ifndef HAVE_LIBPAM + if (authenticated) + return; - /* Clean up */ - if (client_user != NULL) - xfree(client_user); + if (attempt > AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); +#else /* HAVE_LIBPAM */ + if (authenticated) { + do_pam_account_and_session(pw->pw_name, client_user); - if (password != NULL) { - memset(password, 0, strlen(password)); - xfree(password); - } -#endif /* HAVE_LIBPAM */ + /* Clean up */ + if (client...

Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff that do_authloop() appends to loginmsg is harmless (the user name is safe, since at this point we know the account exists). The question is, what does loginmsg contain before do_authlo...

...----- next part -------------- --- auth2-pam.c.orig Wed Jun 27 09:43:43 2001 +++ auth2-pam.c Wed Jun 27 09:44:54 2001 @@ -137,8 +137,8 @@ if (authctxt == NULL) fatal("input_userauth_info_response_pam: no authentication context"); - if (authctxt->attempt++ >= AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); + if (authctxt->failures >= AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, authctxt->user); nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp);

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

...is + * not set */ + if (max_time_seconds>0) { + tv.tv_sec=max_time_seconds; + tv.tv_usec=0; + tvp=&tv; + } else + tvp = NULL; + } else { tv.tv_sec = max_time_milliseconds / 1000; tv.tv_usec = 1000 * (max_time_milliseconds % 1000); tvp = &tv; @@ -301,7 +329,22 @@ packet_disconnect( "No open channels after timeout!"); } - } + } + + if (options.idletimeout>0) { + /* Reset idletimeout if something happened. + * NOTE: events events happening while there is + * active client_alive_timeouts are ignored. This way + * client_alive messages won't re...

...verloop.c Fri Feb 8 12:07:17 2002 --- openssh-3.1p1-peter/serverloop.c Mon Mar 18 22:01:02 2002 *************** *** 673,679 **** /* We no longer want our SIGCHLD handler to be called. */ mysignal(SIGCHLD, SIG_DFL); ! wait_pid = waitpid(-1, &wait_status, 0); if (wait_pid == -1) packet_disconnect("wait: %.100s", strerror(errno)); else if (wait_pid != pid) --- 673,681 ---- /* We no longer want our SIGCHLD handler to be called. */ mysignal(SIGCHLD, SIG_DFL); ! while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0 && errno == EINTR) ! ; ! if (wait...

...--- http://www.monkey.org/~dugsong/ --- old/session.c Sat Dec 1 18:37:08 2001 +++ session.c Tue Feb 12 00:03:37 2002 @@ -437,7 +437,6 @@ session_proctitle(s); #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, NULL); do_pam_setcred(1); if (is_pam_password_change_required()) packet_disconnect("Password change required but no " @@ -494,6 +493,9 @@ #endif /* USE_PIPES */ /* Do processing for the child (exec command etc). */ +#if defined(USE_PAM) + do_pam_session(s->pw->pw_name, NULL); +#endif /* USE_PAM */ do_child(s, command); /* NOTREACHED */ } @@ -555,7 +5...

...teway_ports ? AI_PASSIVE : 0; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", listen_port); - if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) + if (getaddrinfo(gateway_ports ? NULL : "127.0.0.1", strport, &hints, &aitop) != 0) packet_disconnect("getaddrinfo: fatal error"); for (ai = aitop; ai; ai = ai->ai_next) {

...1.1.1.7 diff -c -r1.1.1.7 session.c *** session.c 2002/03/08 07:55:51 1.1.1.7 --- session.c 2002/03/19 15:17:52 *************** *** 572,590 **** --- 572,594 ---- if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); #endif + debug("parent+"); if (pid < 0) packet_disconnect("fork failed: %.100s", strerror(errno)); s->pid = pid; + debug("parent++"); /* Parent. Close the slave side of the pseudo tty. */ close(ttyfd); + debug("parent+++"); /* * Create another descriptor of the pty master side for use as the * st...

...fatal("input_userauth_request: no authctxt"); - if (authctxt->attempt++ >= AUTH_FAIL_MAX) { -#ifdef WITH_AIXAUTHENTICATE - loginfailed(authctxt->user?authctxt->user:"NOUSER", - get_canonical_hostname(), "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - packet_disconnect("too many failed userauth_requests"); - } - user = packet_get_string(NULL); service = packet_get_string(NULL); method = packet_get_string(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); - debug("attempt #%d", authctxt-&...

...packet_read(&payload_len); /* Expect reply from server */ + switch (type) { + case SSH2_MSG_REQUEST_SUCCESS: + success = 1; + break; + case SSH2_MSG_REQUEST_FAILURE: + log("Warning: Server doesn't do port forwarding."); + break; + default: + /* Unknown packet */ + packet_disconnect("Protocol error for port forward request: received packet type %d.", type); + } + + } + else { + /* Protocol 1 */ packet_start(SSH_CMSG_PORT_FORWARD_REQUEST); packet_put_int(listen_port); packet_put_cstring(host_to_connect); packet_put_int(port_to_connect); packet_send()...

...urns only if *************** *** 1142,1148 **** /* Check if the user is logging in as root and root logins are disallowed. */ if (pw->pw_uid == 0 && !options.permit_root_login) { ! if (forced_command) log("Root login accepted for forced command."); else packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", --- 1155,1161 ---- /* Check if the user is logging in as root and root logins are disallowed. */ if (pw->pw_uid == 0 && !options.permit_root_login) { ! if (forced_command) log("Root login accepted for forced command.&quot...