search for: resolvednam

...1); + free(RestrictDirectory); + RestrictDirectory = tmp; + } + + /* It is possible, if unlikely, that the restricted directory will have been specified with + * a symlink or .. in it. That will totally blow comparisions in allowed_access(). Resolve this. + */ + if(RestrictDirectory) { + char resolvedname[MAXPATHLEN]; + char* tmp; + + if( ! realpath(RestrictDirectory, resolvedname)) + fatal("Can't get realpath on %.100s as: %s", RestrictDirectory, strerror(errno)); + + tmp = xstrdup(resolvedname); + free(RestrictDirectory); + RestrictDirectory = tmp; + } +} + +/* Check that the...

...int len = strlen(path); > int i; > for (i = len-1; i > 0; i--) { > if (*(path+i) == '/') > *(path+i) = '\0'; > else break; > } > } > 523d650 < 552d678 < 554a681,696 > name = jail_to_actual(name); > if (jail != NULL) { > char resolvedname[MAXPATHLEN]; > if (realpath(name, resolvedname) == NULL) { > send_status(id, errno_to_portable(errno)); > free(name); > return; > } > char* jailed_resolvedname = actual_to_jail(xstrdup(resolvedname)); > if (jailed_resolvedname == NULL) { > send_status(id...

...e at physik3.gwdg.de Drittes Physikalisches Institut, Univ. Goettingen Buergerstr. 42-44, D-37073 Goettingen, Germany Suggested change: *** auth2.c.ORI Wed Apr 25 14:44:15 2001 --- auth2.c Fri Sep 28 10:27:34 2001 *************** *** 801,815 **** debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", chost, resolvedname, ipaddr); if (options.hostbased_uses_name_from_packet_only) { if (auth_rhosts2(pw, cuser, chost, chost) == 0) return 0; lookup = chost; } else { - if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { -...

...ng the server option HostbasedUsesNameFromPacketOnly. Please CC me on any replies, as I'm not subscribed to the list. Cheers, Bill Rugolsky --- ssh/auth2.c~ Sun Feb 24 14:14:59 2002 +++ ssh/auth2.c Wed May 8 16:26:26 2002 @@ -709,15 +709,15 @@ debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", chost, resolvedname, ipaddr); + if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { + debug2("stripping trailing dot from chost %s", chost); + chost[len - 1] = '\0'; + } if (options.hostbased_uses_name_from_packet_only) {...

.../etc/hosts.equiv and .rhosts would have to be dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767. (These line numbers also hold for 2.9.9p2.) *** auth2.c.ORI Wed Oct 3 19:12:44 2001 --- auth2.c Fri Nov 9 10:15:42 2001 *************** *** 765,770 **** --- 765,774 ---- resolvedname = get_canonical_hostname(options.reverse_mapping_check); ipaddr = get_remote_ipaddr(); + if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { + debug2("stripping trailing dot from chost %s", chost); + chost[len - 1] = '\0'; + } debug2(&quo...

If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove the trailing dot from the client supplied hostname, causing sshd to attempt to look up "foo.example.com." (note trailing period) in known_hosts and .shosts instead of "foo.example.com" Trivial patch attached. -- Carson -------------- next part -------------- An embedded and charset-unspecified text was

http://bugzilla.mindrot.org/show_bug.cgi?id=697 Summary: ending slash is not used Product: Portable OpenSSH Version: 3.7.1p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: openssh-bugs at mindrot.org ReportedBy: ramses at

...er root chost mckinley. pkalg ssh-dss slen 55 debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x80a4e88 debug2: userauth_hostbased: chost mckinley. resolvedname mckinley ipaddr 192.168.10.1 debug2: stripping trailing dot from chost mckinley. debug2: auth_rhosts2: clientuser root hostname mckinley ipaddr 192.168.10.1 debug1: temporarily_use_uid: 0/0 (e=0/0) debug1: restore_uid: 0/0 debug1: temporarily_use_uid: 0/0 (e=0/0) debug1: restore_uid: 0/0 debug3:...

...waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 1245e0 debug2: userauth_hostbased: chost evereska. resolvedname evereska.wan.erac.com ipaddr 10.49.191.9 debug2: auth_rhosts2: clientuser rjl01 hostname evereska. ipaddr evereska. debug1: temporarily_use_uid: 503/5005 (e=0) debug1: restore_uid debug2: userauth_hostbased: access allowed by auth_rhosts2 debug3: check_host_in_hostfile: filename /opt/erac/etc/ssh...

For systems where the local hostname is obtained as a short name without domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x from ssh.com. For the server, there might be a corresponding option in order to strip the domain name from the remote client name (if it matches the server's DefaultDomain) for use in auth_rhost2, since netgroups usually contain short

...cuser rjl01 chost evereska. pkalg ssh-dss slen 55 debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 1245e0 debug2: userauth_hostbased: chost evereska. resolvedname evereska.wan.erac.com ipaddr 10.49.191.9 debug2: auth_rhosts2: clientuser rjl01 hostname evereska. ipaddr evereska. debug1: temporarily_use_uid: 503/5005 (e=0) debug1: restore_uid debug1: temporarily_use_uid: 503/5005 (e=0) debug1: restore_uid debug3: mm_answer_keyallowed: key 1245e0 is disallowed...

...olland chost i2-0. pkalg ssh-dss slen 55 debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x6000000000022cd0 debug2: userauth_hostbased: chost i2-0. resolvedname i2-0 ipaddr 192.168.100.10 debug2: stripping trailing dot from chost i2-0. debug2: auth_rhosts2: clientuser jholland hostname i2-0 ipaddr 192.168.100.10 debug1: temporarily_use_uid: 500/100 (e=0/0) debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect enter...

...monitor_read: checking request 22 Jan 9 07:37:31 server sshd[19835]: debug3: mm_answer_keyallowed entering Jan 9 07:37:31 server sshd[19835]: debug3: mm_answer_keyallowed: key_from_blob: 0x7cd1262cbc76 Jan 9 07:37:31 server sshd[19835]: debug2: userauth_hostbased: chost client.DOMAIN.COM. resolvedname xxxx:xxx:xxxx:xxx::10 ipaddr xxxx:xxx:xxxx:xxx::10 Jan 9 07:37:31 server sshd[19835]: debug2: stripping trailing dot from chost client.DOMAIN.COM. Jan 9 07:37:31 server sshd[19835]: debug2: auth_rhosts2: clientuser root hostname client.DOMAIN.COM ipaddr client.DOMAIN.COM Jan 9 07:37:31 se...