search for: packet_get_char

...ength_ptr) /* Old API, that had to be reimplemented */ -void -packet_set_connection(int fd_in, int fd_out) -{ - active_state = ssh_packet_set_connection(active_state, fd_in, fd_out); - if (active_state == NULL) - fatal("%s: ssh_packet_set_connection failed", __func__); -} - u_int packet_get_char(void) { diff --git a/opacket.h b/opacket.h index c6e5124..d711468 100755 --- a/opacket.h +++ b/opacket.h @@ -38,7 +38,6 @@ do { \ void packet_close(void); u_int packet_get_char(void); u_int packet_get_int(void); -void packet_set_connection(int, int); int packet_read_seqnr(u_int32_...

...""); #else /* !HAVE_OSF_SIA && !USE_PAM */ return auth_password(pw, ""); #endif /* USE_PAM */ @@ -273,10 +261,6 @@ int authenticated = 0; int change; unsigned int len; -#ifdef HAVE_OSF_SIA - extern int saved_argc; - extern char **saved_argv; -#endif change = packet_get_char(); if (change) log("password change not supported"); @@ -286,9 +270,7 @@ #ifdef USE_PAM auth_pam_password(pw, password) == 1) #elif defined(HAVE_OSF_SIA) - sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(), pw->pw_name, NULL, 0, - NULL,...

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

...userauth_pubkey: disabled because of invalid user"); return 0; } + + /* check to see if the user is allowed to use pubkey authentication */ + if (!pubkey_allowed_user(authctxt->pw)) { + debug2("userauth_pubkey: user not allowed pubkey auth"); + return 0; + } + have_sig = packet_get_char(); if (datafellows & SSH_BUG_PKAUTH) { debug2("userauth_pubkey: SSH_BUG_PKAUTH"); @@ -796,3 +805,24 @@ return (host_status == HOST_OK); } + + +/* + * Check if the user is allowed to log in with public key authentication. + */ +static int pubkey_allowed_user(struct passwd *pw...

...* SSH2_MSG_GLOBAL_REQUEST. Handles both "tcpip-forward" and + * "cancel-tcpip-forward" requests. + */ +void +channel_server_global_request(int type, int plen, void *ctxt) +{ + char *rtype; + char want_reply; + int success = 0; + + rtype = packet_get_string(NULL); + want_reply = packet_get_char(); + + if ( strcmp(rtype, "tcpip-forward") == 0 ) { + char *address_to_bind; + int port_to_bind; + + address_to_bind = packet_get_string(NULL); + port_to_bind = packet_get_int(); + + /* Check if the client is allowed to forward (this port) */ + if ( port_to_bind < IPPORT_RESERVE...

...receives + * SSH2_MSG_GLOBAL_REQUEST. Handles both "tcpip-forward" and + * "cancel-tcpip-forward" requests. + */ +void +channel_server_global_request(int type, int plen) +{ + char *rtype; + char want_reply; + int success = 0; + + rtype = packet_get_string(NULL); + want_reply = packet_get_char(); + debug("server received: %.100s request (reply=%d)",rtype, + (int)want_reply); + + if ( strcmp(rtype, "tcpip-forward") == 0 ) { + char *address_to_bind; + int port_to_bind; + address_to_bind = packet_get_string(NULL); + port_to_bind = packet_get_int(); + + /* Check...

...t) +{ + Buffer b; + Key *key = NULL; + char *pkalg; + u_char *pkblob, *sig, *cert; + u_int alen, blen, slen, clen; + int have_sig, pktype; + int authenticated = 0; + + if (!authctxt->valid) { + debug2("userauth_certkey: disabled because of invalid user"); + return 0; + } + have_sig = packet_get_char(); + if (datafellows & SSH_BUG_PKAUTH) { + debug2("userauth_certkey: SSH_BUG_PKAUTH"); + /* no explicit pkalg given */ + pkblob = packet_get_string(&blen); + buffer_init(&b); + buffer_append(&b, pkblob, blen); + /* so we have to extract the pkalg from the pkblob */ +...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |