search for: packet_put_cstr

...h for someone else and now there seems to be some other problem with using PAM from sshd on my system, so consider it untested. --CUT-- --- auth2-pam.c.old Fri Mar 21 11:10:57 2003 +++ auth2-pam.c Thu Mar 27 10:52:08 2003 @@ -84,7 +84,14 @@ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); packet_put_cstring(""); /* Name */ - packet_put_cstring(""); /* Instructions */ + + if (text) { + packet_put_cstring(text); + xfree(text); + text = NULL; + } else + packet_put_cstring(""); /* Instructions */ + packet_put_cstring("");...

...uint32 sender channel uint32 initial window size uint32 maximum packet size string socket path However, the implementation tacks some additional data to the end: packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring(rtype); packet_put_int(c->self); packet_put_int(c->local_window_max); packet_put_int(c->local_maxpacket); if (strcmp(rtype, "direct-tcpip") == 0) { /* target host, port */...

...].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; - /* Send the forward request to the remote side. */ if (compat20) { const char *address_to_bind = "0.0.0.0"; packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); - packet_put_char(0); /* boolean: want reply */ + /* Ask for reply so we know to expect 'forwarded-tcpip' messages */ + packet_put_char(1); /* Boolean 1 asks for reply */ packet_put_cstring(address_to_bind); packet_put_int(listen_port); - } else { +...

...ype == SSH2_CHANNEL_PORT_LISTENER) ? + "forwarded-tcpip" : "direct-tcpip", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, xstrdup(buf)); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); - packet_put_cstring("direct-tcpip"); + if (c->type == SSH2_CHANNEL_PORT_LISTENER) + packet_put_cstring("forwarded-tcpip"); + else + packet_put_cstring("direct-tcpip"); packet_put_int(newch); packet_put_int(c->local_window_max); packet_put_int(c->local_max...

...;type == SSH2_CHANNEL_PORT_LISTENER) ? + "forwarded-tcpip" : "direct-tcpip", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, 0, xstrdup(buf), 1); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); - packet_put_cstring("direct-tcpip"); + if (c->type == SSH2_CHANNEL_PORT_LISTENER) + packet_put_cstring("forwarded-tcpip"); + else + packet_put_cstring("direct-tcpip"); packet_put_int(newch); packet_put_int(c->local_window_max); packet_put_int(c->local_max...

I am testing with a 5.4p1 client and have noticed, on the server side, that sometimes an SSH_MSG_DISCONNECT message is received with the following 28-byte long payload: 0x00 0x00 0x00 0x0b Reason: SSH_DISCONNECT_BY_APPLICATION 0x00 0x00 0x00 0x14 Description string length: 20 bytes 0x64 0x69 0x73 0x63 0x6f 0x6e 0x6e 0x65

...init(xxx_kex); need_rekeying = 0; + } + if (send_signal == 2) { + send_signal = 0; + signame = sig2name(received_signal); + debug("Sending SIG%s to the remote host.", + signame); + packet_start(SSH2_MSG_CHANNEL_REQUEST); + packet_put_int(session_ident); + packet_put_cstring("signal"); + packet_put_char(0); + packet_put_cstring(signame); + packet_send(); } } Index: session.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.108 diff -u -r1.108 session.c ---...

...(pamh, 0); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_send(ctxt, "=OK"); + pam_end(pamh, pam_err); + exit(0); + auth_fail: + pam_send(ctxt, "!%s", pam_strerror(pamh, pam_err)); + pam_end(pamh, pam_err); + exit(0); +} - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring(""); /* Name */ - packet_put_cstring(""); /* Instructions */ - packet_put_cstring(""); /* Language */ - packet_put_int(context_pam2.num_expected); - - for (i = 0, j = 0; i < num_msg; i++) { - int style = PAM_MSG_MEMBER(msg, i, msg_style); - - /* Skip messages w...

...sg; +extern int compat20; #define __unused @@ -421,13 +423,9 @@ sshpam_query(void *ctx, char **name, cha case PAM_AUTH_ERR: if (**prompts != NULL) { /* drain any accumulated messages */ -#if 0 /* XXX - not compatible with privsep */ - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(**prompts); - packet_put_cstring(""); - packet_send(); - packet_write_wait(); -#endif + debug("%s: %s", __func__, **prompts); + buffer_append(&loginmsg, **prompts, + strlen(**prompts)); xfree(**prompts); **prompts = NULL; } @@ -551,21 +...

...fellows & SSH_BUG_PWDCHGREQ)) { + lang = packet_get_string(NULL); + xfree(lang); + } if (strlen(info) > 0) logit("%s", info); xfree(info); - xfree(lang); packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(authctxt->server_user); packet_put_cstring(authctxt->service);

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

...d(ctxt, "e%s", msg[i]->msg);*/ break; + case PAM_TEXT_INFO: + /*sshpam_send(ctxt, "i%s", msg[i]->msg);*/ + break; + default: + goto fail; } } - - if (context_pam2.num_expected == 0) - return PAM_SUCCESS; - - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring(""); /* Name */ - packet_put_cstring(""); /* Instructions */ - packet_put_cstring(""); /* Language */ - packet_put_int(context_pam2.num_expected); - - for (i = 0, j = 0; i < num_msg; i++) { - int style = PAM_MSG_MEMBER(msg, i, msg_style); - - /* Skip message...

...d(ctxt, "e%s", msg[i]->msg);*/ + break; + case PAM_TEXT_INFO: + /*sshpam_send(ctxt, "i%s", msg[i]->msg);*/ break; + default: + goto fail; } } - - if (context_pam2.num_expected == 0) - return PAM_SUCCESS; - - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring(""); /* Name */ - packet_put_cstring(""); /* Instructions */ - packet_put_cstring(""); /* Language */ - packet_put_int(context_pam2.num_expected); - - for (i = 0, j = 0; i < num_msg; i++) { - int style = PAM_MSG_MEMBER(msg, i, msg_style); - - /* Skip message...

...o = packet_get_string(NULL); - lang = packet_get_string(NULL); + if (!(datafellows & SSH_BUG_PWDCHGREQ)) { + lang = packet_get_string(NULL); + xfree(lang); + } if (strlen(info) > 0) logit("%s", info); xfree(info); - xfree(lang); packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(authctxt->server_user); packet_put_cstring(authctxt->service); [1] http://www.ietf.org/internet-drafts/draft-ietf-secsh-userauth-21.txt

https://bugzilla.mindrot.org/show_bug.cgi?id=2057 Bug ID: 2057 Summary: ssh should treat "Received disconnect" messages as errors Classification: Unclassified Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: minor Priority:

...init(xxx_kex); need_rekeying = 0; + } + if (send_signal == 2) { + send_signal = 0; + signame = sig2name(received_signal); + debug("Sending SIG%s to the remote host.", + signame); + packet_start(SSH2_MSG_CHANNEL_REQUEST); + packet_put_int(session_ident); + packet_put_cstring("signal"); + packet_put_char(0); + packet_put_cstring(signame); + packet_send(); } } Index: session.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.122 diff -u -r1.122 session.c ---...

...ss, + "Permission denied, please try again:"); + else + password = ssh_askpass(askpass, prompt); + } else { + if (attempt != 1) + error("Permission denied, please try again."); + password = read_passphrase(prompt, 0); + } packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(server_user); packet_put_cstring(service); @@ -374,6 +388,8 @@ Key *k; int ret = 0; struct stat st; + int interactive = isatty(STDIN_FILENO); + char *askpass = NULL; if (stat(filename, &st) != 0) { debug("key does not exist: %s", filename); @@ -389,7 +405,15 @@ sn...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

I'm trying to change my local setup from ssh2 to openssh-2.3.0p1. I need captive comands and specific environments for each key, i.e. the "command=XXX" and "environment=X=y" options. Unfortunately I *also* need to support the existing ssh2 client for a transition period, since it's impractical to change all user's environments to openssh in one go. I have converted

...gt;= options.number_of_password_prompts) return 0; @@ -451,6 +458,8 @@ snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ", authctxt->server_user, authctxt->host); password = read_passphrase(prompt, 0); + } + packet_start(SSH2_MSG_USERAUTH_REQUEST); packet_put_cstring(authctxt->server_user); packet_put_cstring(authctxt->service); -- /Peter ?strand <astrand at lysator.liu.se>