Displaying 20 results from an estimated 191 matches for "pw_uid".
2001 Dec 18
2
[PATCH]: Fix potential security hole in Cygwin version
...reset by
peer"). This could be used by a malicious remote client to enumerate
the user names on the Cygwin server machine.
The cause is that the Cygwin specific function check_nt_auth() is called
in auth1.c and auth2.c with implicitly dereferencing the pointer to struct
passwd to get the pw_uid member as parameter. This struct passwd pointer
can be NULL if the user isn't found in /etc/passwd. Other similar funcs
as auth_pam_password() are called getting the structy passwd pointer
itself as parameter, testing it for NULL inside of the function.
Changing the check_nt_auth() to behave...
2003 Sep 22
3
Fwd: privsep in ssh
...ssage ----------
Subject: privsep in ssh
Date: Fri, 19 Sep 2003 12:22
From: Russell Coker <russell at coker.com.au>
To: SE Linux <selinux at tycho.nsa.gov>
Cc: Colin Watson <cjwatson at debian.org>
#ifdef DISABLE_FD_PASSING
if (1) {
#else
if (authctxt->pw->pw_uid == 0 || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
use_privsep = 0;
return;
}
When browsing the ssh source I noticed the above in sshd.c. It appears fro...
2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
Hi All,
While testing another patch, I found that I could not longer log in as
root, even if PermitRootLogin was yes. It seems to be the following
code in auth_password:
$ cvs diff -r1.48 -r1.49 auth-passwd.c
[snip]
#ifndef HAVE_CYGWIN
- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == 0 && options.permit_root_login !=
PERMIT_NO_PASSWD)
return 0;
#endif
[snip]
Was this intentional?
-Daz.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF...
2003 Sep 16
2
[PATCH] permanently_set_uid fails on Cygwin :-(
...c
--- uidswap.c 6 Sep 2003 06:44:39 -0000 1.39
+++ uidswap.c 16 Sep 2003 14:47:54 -0000
@@ -191,10 +191,12 @@ permanently_set_uid(struct passwd *pw)
(u_int)pw->pw_gid);
}
+#ifdef HAVE_CYGWIN
/* Try restoration of UID if changed (test clearing of saved uid) */
if (old_uid != pw->pw_uid &&
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
+#endif
/* Verify UID drop was successful */
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
--
Corinna Vinschen
Cygwin Developer
Red Hat,...
2005 Jan 26
1
Question about a recent change to uidswap.c in the portability snapshot
A change was recently introduced into uidswap.c to cover the case where
the user is root. The change is "&& pw->pw_uid != 0 &&".
/* Try restoration of GID if changed (test clearing of saved
gid) */
if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
(setgid(old_gid) != -1 || setegid(old_gid) != -1))
fatal("%s: was able to restore old...
2002 May 16
3
uidswap
All,
Could someone explain the purpose of the uidswap functions with
respect to ssh ( the client ). From what I gathered , ssh installs as
setuid root and swaps ids when reading potential key files that may be read
only by root. Also , I think when binding to a privileged port ssh swaps
id. Is that so? What are the consequnences if you do not install ssh setuid
root? ( As far I as know no uid
2001 Oct 08
2
Porting OpenSSH 2.9.9p2 to Dynix V4.4.4
...debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
if (setegid(pw->pw_gid) < 0)
fatal("setegid %u: %.100s", (u_int) pw->pw_gid,
strerror(errno));
if (seteuid(pw->pw_uid) == -1)
fatal("seteuid %u: %.100s", (u_int) pw->pw_uid,
strerror(errno));
-----
It now looks like:
-----
#ifdef SAVED_IDS_WORK_WITH_SETEUID
if (setegid(pw->pw_gid) < 0)
fatal("setegid %u: %.100s", (u_int) pw...
2003 Jan 09
1
[PATCH] Allow multiple accounts on Windows 9x/Me
...ifdef HAVE_CYGWIN
- if (is_winnt) {
+ {
#else /* HAVE_CYGWIN */
if (getuid() == 0 || geteuid() == 0) {
#endif /* HAVE_CYGWIN */
@@ -1257,6 +1257,9 @@ do_setusercontext(struct passwd *pw)
permanently_set_uid(pw);
#endif
}
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+#endif
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
}
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
2002 Jun 25
3
BSD/OS with privsep
...= -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
if (chdir("/") == -1)
fatal("chdir(\"/\"): %s", strerror(errno));
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
+#else
+ {
+ gid_t gidset[2];
+
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) <...
2001 May 23
1
[PATCH]: Drop the use of `check_nt_auth'.
....40
+++ auth1.c 2001/05/23 09:40:49
@@ -313,14 +313,7 @@ do_authloop(Authctxt *authctxt)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
-#ifdef HAVE_CYGWIN
- if (authenticated &&
- !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
- packet_disconnect("Authentication rejected for uid %d.",
- (int)pw->pw_uid);
- authenticated = 0;
- }
-#else
+#ifndef HAVE_CYGWIN
/* Special handling for root */
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_aut...
2001 Feb 21
2
SCO 5.0.5 setluid patch
...thor 314 : /u/sco/source/openssh-2.5.1p1 # diff session.c session.drk.c
1024a1025,1031
> /* DRK: moved this stuff up higher */
> #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
> /* Sets login uid for accounting */
> if (getluid() == -1 && setluid(pw->pw_uid) == -1)
> error("setluid: %s", strerror(errno));
> #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
>
1128,1133d1134
<
< #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
< /* Sets login uid for accounting */
< if...
2001 Apr 25
0
NeXT // Broken _POSIX_SAVED_ID patch
...the effective user
* id is not root, this does nothing. This call cannot be nested.
@@ -44,42 +48,57 @@
void
temporarily_use_uid(struct passwd *pw)
{
- /* Save the current euid, and egroups. */
- saved_euid = geteuid();
- debug("temporarily_use_uid: %d/%d (e=%d)",
- pw->pw_uid, pw->pw_gid, saved_euid);
- if (saved_euid != 0) {
- privileged = 0;
- return;
- }
- privileged = 1;
- temporarily_use_uid_effective = 1;
+ /* Save the current euid, and egroups. */
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
+ saved_euid = geteuid();
saved_egid = getegid();
- saved_egroupslen...
2001 Nov 08
2
logging of root logins
...k uid sharing is a standard unix feature.
however, i think that we should drop this:
authlog("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "illegal user ",
authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user,
get_remote_ipaddr(),
get_remote_port(),
info);
and not print ROOT in caps:
authlog("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "illegal user ",...
2001 Apr 04
1
compiler warnings about format strings
...1053,7 +1053,7 @@
if (pid < 0)
error("fork: %.100s", strerror(errno));
else
- debug("Forked child %d.", pid);
+ debug("Forked child %ld.", (long)pid);
close(startup_p[1]);
Index: sshpty.c
@@ -318,12 +318,12 @@
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS && st.st_uid == pw->pw_uid)
- error("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ error("chown(%.100s, %ld, %ld) failed: %.100s"...
2000 Feb 27
0
[PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH
..._ip, hosts, strlen(hosts));
+ }
+ login_close(lc);
+ if (denied) {
+ log("Denied connection for %.200s from %.200s [%.200s].",
+ pw->pw_name, from_host, from_ip);
+ packet_disconnect("Sorry, you are not allowed to connect.");
+ }
+#endif /* LOGIN_CAP */
+
+ if (pw->pw_uid == 0)
+ log("ROOT LOGIN as '%.100s' from %.100s",
+ pw->pw_name, get_canonical_hostname());
+
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
@@ -2086,6 +2125,11 @@
login_cap_t *lc;
char *fname;
#endif /* LOGIN...
2002 Feb 15
1
IRIX cleanup.
...ECT
+ prid_t projid;
+#endif /* WITH_IRIX_PROJECT */
+#ifdef WITH_IRIX_JOBS
+ jid_t jid = 0;
+#else
+# ifdef WITH_IRIX_ARRAY
+ int jid = 0;
+# endif /* WITH_IRIX_ARRAY */
+#endif /* WITH_IRIX_JOBS */
+
+#ifdef WITH_IRIX_JOBS
+ jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
+ if (jid == -1)
+ fatal("Failed to create job container: %.100s",
+ strerror(errno));
+#endif /* WITH_IRIX_JOBS */
+#ifdef WITH_IRIX_ARRAY
+ /* initialize array session */
+ if (jid == 0 && newarra...
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
...t;Closing connection to %.100s", get_remote_ipaddr());
authentication_type = SSH_AUTH_PASSWORD;
authenticated = 1;
break;
@@ -2708,14 +2746,14 @@
}
/* Check if the user is logging in as root and root logins are disallowed. */
- if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1)
+ if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1 && !lets_log)
{
if (authentication_type == SSH_AUTH_PASSWORD)
packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",...
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
...=======
RCS file: sshpty.c,v
retrieving revision 2.9.9.2
retrieving revision 2.9.9.2.0.1
diff -pu -r2.9.9.2 -r2.9.9.2.0.1
--- sshpty.c 2001/08/14 20:41:35 2.9.9.2
+++ sshpty.c 2001/09/28 18:37:50 2.9.9.2.0.1
@@ -381,12 +381,12 @@ pty_setowner(struct passwd *pw, const ch
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0))
- error("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ error("chown(%.100s, %ld, %ld) failed: %.100s",
+ ttyname, (long)pw-...
2003 May 26
1
[patch] port-irix.c: refine jlimit support
...__int64_t jid_t;
+extern jid_t jlimit_startjob(char *, uid_t, char *);
+# pragma optional jlimit_startjob
+# endif
#endif
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
@@ -27,10 +33,15 @@
#endif /* WITH_IRIX_JOBS */
#ifdef WITH_IRIX_JOBS
- jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
- if (jid == -1)
- fatal("Failed to create job container: %.100s",
- strerror(errno));
+ if (_MIPS_SYMBOL_PRESENT(jlimit_startjob)) {
+ jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "inte...
2009 Oct 21
1
Patch to fix dynamic -R forwarding when not root
...300
+++ serverloop.c 2009-10-21 10:53:09.000000000 +0300
@@ -1119,9 +1119,9 @@
if (!options.allow_tcp_forwarding ||
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
- || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
+ || (listen_port !=0 && listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
--
Ari Hyttinen