search for: reverse_mapping_check

...nssh-3.0.2p1-tschroed/auth-sia.c Thu Dec 6 13:02:26 2001 *************** *** 21,32 **** extern char **saved_argv; extern int errno; int auth_sia_password(char *user, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.reverse_mapping_check); --- 21,32 ---- extern char **saved_argv; extern int errno; + SIAENTITY *__sia_ent = NULL; int auth_sia_password(char *user, char *pass) { int ret; const char *host; host = get_canonical_hostname(options.reverse_mapping_check); *************** *** 34,51 **** if (!use...

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

...p; from, &fromlen) < 0) { + debug("getpeername: %.100s", strerror(errno)); + fatal_cleanup(); + } + } + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), + (struct sockaddr *)&from); +} +#endif + /* * This is called to fork and execute a command when we have no tty. This * will call do_child from the child, and server_loop from the parent after @@ -621,34 +649,6 @@ /* server_loop _has_ closed ptyfd and fdout. */...

...char * +get_remote_name_or_ip(void); + /* module-local variables */ static struct pam_conv conv = { do_pam_conversation, @@ -356,9 +360,9 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); debug("PAM setting rhost to \"%.200s\"", - get_canonical_hostname(options.reverse_mapping_check)); + get_remote_name_or_ip()); pam_retval = pam_set_item(__pamh, PAM_RHOST, - get_canonical_hostname(options.reverse_mapping_check)); + get_remote_name_or_ip()); if (pam_retval != PAM_SUCCESS) fatal("PAM set rhost failed[%d]: %.200s", pam_retval, PAM_STRERROR(__pamh...

...); #endif #ifdef KRB4 if (options.kerberos_authentication == 1) { --- 147,157 ---- } #endif #ifdef WITH_AIXAUTHENTICATE ! if (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0) ! return 1; ! loginfailed(authctxt->user, ! get_canonical_hostname(options.reverse_mapping_check), "ssh"); ! return 0; #endif #ifdef KRB4 if (options.kerberos_authentication == 1) { *** openssh-2.9.9p2/auth2.c.org Tue Oct 2 17:54:29 2001 --- openssh-2.9.9p2/auth2.c Tue Oct 2 17:54:56 2001 *************** *** 275,280 **** --- 275,287 ---- /* XXX todo: check if multiple a...

...user's groups is listed in DenyGroups, false * will be returned. If AllowUsers isn't empty and user isn't listed @@ -103,14 +153,18 @@ /* Return false if user is listed in DenyUsers */ if (options.num_deny_users > 0) { + const char *hostname = get_canonical_hostname(options.reverse_mapping_check); + const char *ipaddr = get_remote_ipaddr(); for (i = 0; i < options.num_deny_users; i++) - if (match_pattern(pw->pw_name, options.deny_users[i])) + if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) return 0; } /* Return false if AllowUsers isn't e...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...pw->pw_name,password,&reenter,&authmsg) == 0); > debug("auth-passwd (FZJ-authenticate): rc: %d msg: %s", iau, authmsg); > if (iau) > return 1; > loginfailed(authctxt->user, > get_canonical_hostname(options.reverse_mapping_check), > "ssh"); > return 0; > } ------------------------------------------------------------------------- -- Klaus Wolkersdorfer (K.Wolkersdorfer at fz-juelich.de) Zentralinstitut fuer Angewandte Mathematik (ZAM) Tel: +49-2...

...dot-terminated. Fix: Move lines 776-779 of auth2.c upwards to after line 767. (These line numbers also hold for 2.9.9p2.) *** auth2.c.ORI Wed Oct 3 19:12:44 2001 --- auth2.c Fri Nov 9 10:15:42 2001 *************** *** 765,770 **** --- 765,774 ---- resolvedname = get_canonical_hostname(options.reverse_mapping_check); ipaddr = get_remote_ipaddr(); + if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { + debug2("stripping trailing dot from chost %s", chost); + chost[len - 1] = '\0'; + } debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s...

...ogin_time(pw->pw_uid, pw->pw_name, - hostname, sizeof(hostname)); - } - /* Record that there was a login on that tty from the remote host. */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), @@ -741,14 +738,14 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ - if (options.print_lastlog && last_login_time != 0) { - time_string = ctime(&last_login_time); + if (options.print_lastlog && found_last...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...ernet Services I don't speak for anybody but myself - that's enough trouble. diff -urN openssh_cvs/auth-sia.c openssh/auth-sia.c --- openssh_cvs/auth-sia.c Tue Feb 13 08:25:23 2001 +++ openssh/auth-sia.c Fri Apr 13 11:00:07 2001 @@ -61,35 +61,46 @@ host = get_canonical_hostname (options.reverse_mapping_check); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) - fatal("sia_ses_init failed"); + NULL) != SIASUCCESS) { + error("sia_ses_init failed"); + exit(1); + } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&amp...

...01/09/28 18:48:11 2.9.9.2.0.1 @@ -87,8 +87,8 @@ get_remote_hostname(int socket, int reve * of this software). */ for (i = 0; name[i]; i++) - if (isupper(name[i])) - name[i] = tolower(name[i]); + if (isupper((unsigned char)name[i])) + name[i] = tolower((unsigned char)name[i]); if (!reverse_mapping_check) return xstrdup(name); =================================================================== RCS file: match.c,v retrieving revision 2.9.9.2 retrieving revision 2.9.9.2.0.1 diff -pu -r2.9.9.2 -r2.9.9.2.0.1 --- match.c 2001/07/04 04:56:46 2.9.9.2 +++ match.c 2001/09/28 18:48:11 2.9.9.2.0.1 @@ -134,...

...} Index: servconf.c =================================================================== RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.74 diff -u -r1.74 servconf.c --- servconf.c 22 Jan 2002 12:35:12 -0000 1.74 +++ servconf.c 23 Jan 2002 11:11:29 -0000 @@ -107,8 +107,7 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; - options->authorized_keys_file = NULL; - options->authorized_keys_file2 = NULL; + options->num_authorized_keys_files = 0; } void @@ -223,15 +222,11 @@ options->client_alive_interval = 0;...

...getpeername(packet_get_connection_in(), + (struct sockaddr *) & from, &fromlen) < 0) { + debug("getpeername: %.100s", strerror(errno)); + fatal_cleanup(); + } + } + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), + (struct sockaddr *)&from); +} +#endif + /* administrative, login(1)-like work */ void do_login(Session *s, const char *command) @@ -1511,6 +1546,9 @@ /* Launch login(1). */ execl(LOGIN_PROGRAM, "login", "-h", hostname, +#ifdef LOGIN_NEEDS_TERM + s...

...ebug("test whether pkalg/pkblob are acceptable"); packet_done(); diff -u5 openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c --- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Jan 29 14:23:41 2002 @@ -107,10 +107,11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_key_fingerprint = -1; } void fill_default_server_options(ServerOptions *options) { @@ -227,10 +22...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the