search for: parse_flag

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) auth_mask |= 1 << SSH_AUTH_RSA; Now, in servconf.c, options.rhosts_authentication is set to 0 if IgnoreRhosts is no: case sIgnoreRhosts: intptr = &options->ignore_rhosts; parse_flag: cp = strtok(NULL, WHITESPACE); fprintf(stderr, "sIgnoreRhosts triggered as %s\n", cp); if (!cp) { fprintf(stderr, "%s line %d: missing yes/no argument.\n", filename, linenum); exit(1); } if (strcmp(cp, "yes") ==...

...chpad.net/bugs/1656557 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: cjwatson at debian.org The pure yes/no options in sshd that are handled by parse_flag are case-sensitive. For example, "PasswordAuthentication yes" is accepted while "PasswordAuthentication Yes" is not. This seems unnecessarily picky, since the meaning is unambiguous and it's an easy mistake for users to make. It's also at variance with (1) all the opt...

...-254,4 +258,5 @@ static struct { { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, + { "printlastlog", sPrintLastLog }, { "ignorerhosts", sIgnoreRhosts }, { "ignoreuserknownhosts", sIgnoreUserKnownHosts }, @@ -555,4 +560,8 @@ parse_flag: case sPrintMotd: intptr = &options->print_motd; + goto parse_flag; + + case sPrintLastLog: + intptr = &options->print_lastlog; goto parse_flag; Index: session.c --- session.c.prev +++ session.c Thu Feb 22 20:59:45 2001 @@ -708,8 +708,10 @@ do_login(Session *s, cons...

...references to GNATS on www.openbsd.com or www.openssh.com. How do I submit a patch to it? - Dave Dykstra --- readconf.c.O Fri Oct 26 10:45:15 2001 +++ readconf.c Fri Oct 26 11:42:22 2001 @@ -296,28 +296,44 @@ /* NOTREACHED */ case oForwardAgent: intptr = &options->forward_agent; -parse_flag: +parse_yesnowarn: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); + fatal("%.200s line %d: Missing yes/no/warn argument.", + filename, linenum); value = 0; /* To avoid compile...

...erberostgtpassing", oKerberosTgtPassing }, #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) { "afstokenpassing", oAFSTokenPassing }, #endif { "fallbacktorsh", oFallBackToRsh }, @@ -368,7 +368,7 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; #endif -#ifdef AFS +#if defined(AFS) && defined(KRB4) case oAFSTokenPassing: intptr = &options->afs_token_passing; goto parse_flag; @@ -757,7 +757,7 @@ #if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = -1; #endif -#ifdef AFS +#if defined(AFS) &&am...

...swd }, + { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, { "keepalive", sKeepAlives }, @@ -670,6 +674,10 @@ case sEmptyPasswd: intptr = &options->permit_empty_passwd; + goto parse_flag; + + case sPermitUserEnvironment: + intptr = &options->permit_user_env; goto parse_flag; case sUseLogin: --- auth-options.c 21 Jul 2002 18:32:20 -0000 1.25 +++ auth-options.c 24 Jul 2002 16:55:25 -0000 @@ -133,7 +133,8 @@ goto next_option; } cp = "environment=\"&q...

...ion", sRSAHostOtherAuthentication }, { "dsaauthentication", sDSAAuthentication }, #ifdef KRB4 { "kerberosauthentication", sKerberosAuthentication }, *************** *** 457,462 **** --- 462,471 ---- intptr = &options->rhosts_rsa_authentication; goto parse_flag; + case sRSAHostOtherAuthentication: + intptr = &options->rsa_host_other_authentication; + goto parse_flag; + case sRSAAuthentication: intptr = &options->rsa_authentication; goto parse_flag; diff -c openssh-2.1.1p4.orig/servconf.h openssh-2.1.1p4/servconf.h *...

...t;, sChallengeResponseAuthentication }, /* alias */ + { "challengeresponseauthenticationfirst", sChallengeResponseAuthenticationFirst }, { "checkmail", sDeprecated }, { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, @@ -679,6 +688,10 @@ parse_flag: case sChallengeResponseAuthentication: intptr = &options->challenge_response_authentication; + goto parse_flag; + + case sChallengeResponseAuthenticationFirst: + intptr = &options->challenge_response_authentication_first; goto parse_flag; case sPrintMotd: Index: servc...

...er", oControlMaster }, + { "controlpersist", oControlPersist }, { "hashknownhosts", oHashKnownHosts }, { NULL, oBadOption } }; @@ -818,6 +819,10 @@ parse_int: *intptr = value; break; + case oControlPersist: + intptr = &options->control_persist; + goto parse_flag; + case oHashKnownHosts: intptr = &options->hash_known_hosts; goto parse_flag; --- openssh/readconf.h~ 2005-06-16 04:19:42.000000000 +0100 +++ openssh/readconf.h 2005-06-23 11:02:01.000000000 +0100 @@ -112,6 +112,7 @@ typedef struct { char *control_path; int control_master; + i...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...ictHostKeyChecking }, + { "serverlieswarning", oServerLiesWarning }, { "compression", oCompression }, { "compressionlevel", oCompressionLevel }, { "keepalive", oKeepAlives }, @@ -402,6 +403,10 @@ intptr = &options->verify_host_key_dns; goto parse_flag; + case oServerLiesWarning: + intptr = &options->server_lies_warning; + goto parse_flag; + case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; arg = strdelim(&s); @@ -856,6 +861,7 @@ options->no_host_authentication_for_localhost = - 1; opti...

Dear all, I want to add a new option "newoption" to the sshd server, I have just add some codes in servconf.h and servconf.c like the other options. But it seems that the "newoption" can not be enable,when i set the "newoption" to "yes" in sshd_config file. I have add a debug message in main function of sshd.c .... debug("main sshd

...ep = 1; - #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " @@ -242,6 +244,7 @@ fill_default_server_options(ServerOption options->compression = 0; } #endif +#endif } @@ -799,10 +802,11 @@ parse_flag: intptr = &options->allow_tcp_forwarding; goto parse_flag; +#ifdef USE_PRIVSEP case sUsePrivilegeSeparation: intptr = &use_privsep; goto parse_flag; - +#endif case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->nu...

...dDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, +#ifdef HASH_KNOWN_HOSTS + { "hashknownhosts", oHashKnownHosts }, +#endif { NULL, oBadOption } }; @@ -380,6 +386,12 @@ parse_flag: intptr = &options->check_host_ip; goto parse_flag; +#ifdef HASH_KNOWN_HOSTS + case oHashKnownHosts: + intptr = &options->hash_known_hosts; + goto parse_flag; +#endif + case oStrictHostKeyChecking: intptr = &options->strict_host...

...rt: $MD5_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" diff -urN openssh-2.3.0p1/readconf.c openssh-2.3.0p1-tis/readconf.c --- openssh-2.3.0p1/readconf.c Sat Oct 14 07:23:12 2000 +++ openssh-2.3.0p1-tis/readconf.c Thu Dec 7 18:38:42 2000 @@ -313,7 +313,7 @@ goto parse_flag; case oTISAuthentication: - /* fallthrough, there is no difference on the client side */ + /* fallthrough */ case oSkeyAuthentication: intptr = &options->skey_authentication; goto parse_flag; diff -urN openssh-2.3.0p1/servconf.c openssh-2.3.0p1-tis/servconf.c --- openssh-2.3.0p...

...oKeepAlives }, + { "keepaliveforward", oKeepAlivesForward }, { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, @@ -394,6 +395,10 @@ intptr = &options->keepalives; goto parse_flag; + case oKeepAlivesForward: + intptr = &options->keepalives_forward; + goto parse_flag; + case oNumberOfPasswordPrompts: intptr = &options->number_of_password_prompts; goto parse_int; @@ -738,6 +743,7 @@ options->strict_host_key_checking = -1; options->compressio...

...p;options->hostname != NULL && + match_pattern(options->hostname, arg))) { if (negated) { debug("%.200s line %d: Skipping Host " "block because of negated match " @@ -970,6 +973,10 @@ intptr = &options->hash_known_hosts; goto parse_flag; + case oMatchHostName: + intptr = &options->match_host_name; + goto parse_flag; + case oTunnel: intptr = &options->tun_open; arg = strdelim(&s); @@ -1207,6 +1214,7 @@ options->control_persist = -1; options->control_persist_timeout = 0; options->hash_kno...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of