search for: packet_get_string

...+ #else if (connect(sock, (struct sockaddr *) hostaddr, + #endif sizeof(*hostaddr)) >= 0) { /* Successful connection. */ restore_uid(); *************** *** 916,922 **** debug("No challenge for skey authentication."); return 0; } ! challenge = packet_get_string(&payload_len); if (options.cipher == SSH_CIPHER_NONE) log("WARNING: Encryption is disabled! " "Reponse will be transmitted in clear text."); --- 949,955 ---- debug("No challenge for skey authentication."); return 0; } ! challenge = packet...

Using openssh-SNAP-20001016 all of our problems with hanging connections have gone away (woohoo!), and it seems to be working flawlessly, but I am seeing messages like this in syslog: Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor Oct 24 16:58:30

Hello I have few questions about openssh... 1/ there is probably bug in auth-password.c in auth_password function if (pw->pw_uid == 0 && options.permit_root_login == 2) return 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; /* deny if no user. */ if (pw == NULL) <----------- this should be first checked .... return 0; 2/ do I have

Hi, Is it possible to determine the login shell (eg, /usr/bin/ksh or /usr/ace/prog/sdshell) from the ssh client? Is there a function call I can do or would I need to do this with a packet_get_string? TIA. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020817/67d60b01/attachment.html

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

...; } else { buffer_free(&msg); diff -bur openssh-3.7.1p2.orig/auth2-hostbased.c openssh-3.7.1p2/auth2-hostbased.c --- openssh-3.7.1p2.orig/auth2-hostbased.c Sat Jun 28 04:38:02 2003 +++ openssh-3.7.1p2/auth2-hostbased.c Tue Oct 7 08:21:59 2003 @@ -60,10 +60,10 @@ return 0; } pkalg = packet_get_string(&alen); - pkblob = packet_get_string(&blen); + pkblob = packet_get_binary(&blen); chost = packet_get_string(NULL); cuser = packet_get_string(NULL); - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); debug("userauth_hostbased: cuser %s chost %s pkalg...

.../cvs/openssh/sshconnect2.c,v retrieving revision 1.127 diff -d -u -r1.127 sshconnect2.c --- sshconnect2.c 15 Jun 2004 00:30:09 -0000 1.127 +++ sshconnect2.c 22 Jun 2004 22:22:43 -0000 @@ -767,11 +767,13 @@ "no authentication context"); info = packet_get_string(NULL); - lang = packet_get_string(NULL); + if (!(datafellows & SSH_BUG_PWDCHGREQ)) { + lang = packet_get_string(NULL); + xfree(lang); + } if (strlen(info) > 0) logit("%s", info); xfree(info); - xfre...

...uct passwd *pw; - - if (++attempt == AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); +#ifdef WITH_AIXAUTHENTICATE + extern char *aixloginmsg; +#endif /* WITH_AIXAUTHENTICATE */ raw = packet_get_raw(&rlen); if (plen != rlen) @@ -164,6 +164,12 @@ user = packet_get_string(&len); service = packet_get_string(&len); method = packet_get_string(&len); + if (++attempt == AUTH_FAIL_MAX) { +#ifdef WITH_AIXAUTHENTICATE + loginfailed(user,get_canonical_hostname(),"ssh"); +#endif /* WITH_AIXAUTHENTICATE */ + packet_disconnect("too many failed...

...o Huuskonen: This is called when server receives + * SSH2_MSG_GLOBAL_REQUEST. Handles both "tcpip-forward" and + * "cancel-tcpip-forward" requests. + */ +void +channel_server_global_request(int type, int plen) +{ + char *rtype; + char want_reply; + int success = 0; + + rtype = packet_get_string(NULL); + want_reply = packet_get_char(); + debug("server received: %.100s request (reply=%d)",rtype, + (int)want_reply); + + if ( strcmp(rtype, "tcpip-forward") == 0 ) { + char *address_to_bind; + int port_to_bind; + address_to_bind = packet_get_string(NULL); + port_to_...

...This is called when server receives + * SSH2_MSG_GLOBAL_REQUEST. Handles both "tcpip-forward" and + * "cancel-tcpip-forward" requests. + */ +void +channel_server_global_request(int type, int plen, void *ctxt) +{ + char *rtype; + char want_reply; + int success = 0; + + rtype = packet_get_string(NULL); + want_reply = packet_get_char(); + + if ( strcmp(rtype, "tcpip-forward") == 0 ) { + char *address_to_bind; + int port_to_bind; + + address_to_bind = packet_get_string(NULL); + port_to_bind = packet_get_int(); + + /* Check if the client is allowed to forward (this port) */ +...

...tempt++ >= AUTH_FAIL_MAX) { -#ifdef WITH_AIXAUTHENTICATE - loginfailed(authctxt->user?authctxt->user:"NOUSER", - get_canonical_hostname(), "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - packet_disconnect("too many failed userauth_requests"); - } - user = packet_get_string(NULL); service = packet_get_string(NULL); method = packet_get_string(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); - debug("attempt #%d", authctxt->attempt); + debug("attempt #%d of %d", authctxt->attempt, AUTH_FA...

...t, nothing. Poking around the source, I found this little routine in session.c (it appears to be identical to the same routine in the OpenBSD source, so it's not a porting issue): int session_subsystem_req(Session *s) { unsigned int len; int success = 0; char *subsys = packet_get_string(&len); packet_done(); log("subsystem request for %s", subsys); xfree(subsys); return success; } To my eyes, this looks like a planned no-op. Markus Friedl earlier reported that, as of late April, sftp was still on the to-do list. What about the future (or...

...========================= RCS file: /cvs/openssh/sshconnect2.c,v retrieving revision 1.127 diff -d -u -r1.127 sshconnect2.c --- sshconnect2.c 15 Jun 2004 00:30:09 -0000 1.127 +++ sshconnect2.c 17 Jun 2004 22:02:55 -0000 @@ -767,11 +767,13 @@ "no authentication context"); info = packet_get_string(NULL); - lang = packet_get_string(NULL); + if (!(datafellows & SSH_BUG_PWDCHGREQ)) { + lang = packet_get_string(NULL); + xfree(lang); + } if (strlen(info) > 0) logit("%s", info); xfree(info); - xfree(lang); packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(au...

Hello, Was looking in the archives... and haven't seen this one listed. When I compile openssh-1.2pre17 on AIX v4.3.3 with the native compiler I get the following errors. I haven't see this __attribute__ code.. What compiler/libraries are needed to compile this? I have seen that people have compiled openssh on AIX.. Just wondering what you have used. # make cc -g

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

...+++ sshconnect2.c Mon Apr 22 16:18:58 2002 @@ -57,6 +57,7 @@ /* import */ extern char *client_version_string; extern char *server_version_string; +extern int supress_banner; extern Options options; /* @@ -320,7 +321,10 @@ debug3("input_userauth_banner"); msg = packet_get_string(NULL); lang = packet_get_string(NULL); - fprintf(stderr, "%s", msg); + if (supress_banner == 1) + debug3("noninteractive shell; banner supressed."); + else + fprintf(stderr, "%s", msg); xfree(msg);...

...77,386 **** --- 377,387 ---- void input_userauth_banner(int type, u_int32_t seq, void *ctxt) { char *msg, *raw, *lang; u_int len; debug3("input_userauth_banner"); + if (!isatty(1) || !isatty(2)) return; raw = packet_get_string(&len); lang = packet_get_string(NULL); if (options.log_level >= SYSLOG_LEVEL_INFO) { what i think this will accomplish is that if one of the ssh client programs is called normally by a user, the banner will be displayed. if however either stdout or stderr is redirect...

...Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & #707. ok markus@ The relevant code is in sshconnect2.c: input_userauth_banner(int type, u_int32_t seq, void *ctxt) { char *msg, *lang; debug3("input_userauth_banner"); msg = packet_get_string(NULL); lang = packet_get_string(NULL); if (options.log_level > SYSLOG_LEVEL_QUIET) fprintf(stderr, "%s", msg); xfree(msg); xfree(lang); } Was this change in the log level at which the banner prints intentional? When ssh is used inside s...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...ct-streamlocal) it appends the remote IP add and port, even though these values are not applicable in the direct-streamlocal case. This may be difficult to fix in a backward-compatible manner, since the code in serverloop.c actually seems to be expecting to get a host & port: target = packet_get_string(NULL); originator = packet_get_string(NULL); originator_port = packet_get_int(); packet_check_eom(); So, perhaps the right thing here is to update the documentation in PROTOCOL to match the current implementation. It seems odd to send this information when it looks like it...