search for: saved_argc

...2.0p1/auth-sia.c --- openssh-2.2.0p1-dist/auth-sia.c Wed Dec 31 18:00:00 1969 +++ openssh-2.2.0p1/auth-sia.c Sat Oct 14 21:24:19 2000 @@ -0,0 +1,34 @@ +#include "includes.h" + +#ifdef HAVE_OSF_SIA +#include "ssh.h" + +#include <sia.h> +#include <siad.h> + +extern int saved_argc; +extern char **saved_argv; + +int +auth_sia_password (user, pass) + char *user; + char *pass; +{ + SIAENTITY *ent = NULL; + int ret; + + if (sia_ses_init (&ent, saved_argc, saved_argv, + get_canonical_hostname(), user, NULL, 0, NULL) != SIASUCCESS) + return 0; + if ((ret = sia_ses_authent...

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /* !HAVE_OSF_SIA && !USE_PAM */ At this stage pw could be NULL so obviously pw->pw_name isn't a valid thing to do. Should this just be 'us...

...pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); + #if defined(BSD) && BSD >= 199506 + pwcopy.pw_class = xstrdup(pw->pw_class); + #endif pw = &pwcopy; #ifdef USE_PAM *************** *** 508,514 **** (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { ! #else /* !HAVE_OSF_SIA && !USE_PAM */ auth_password(pw, "")) { #endif /* USE_PAM */ /* Authentication with empty password succeeded. */ --- 529,537...

...yet). > I'll give the patch a try. Thanks, Toni > diff -urN openssh-SNAP-20020826/auth-sia.c openssh/auth-sia.c > --- openssh-SNAP-20020826/auth-sia.c Fri Apr 12 10:36:08 2002 > +++ openssh/auth-sia.c Tue Sep 3 22:03:16 2002 > @@ -45,27 +45,25 @@ > extern int saved_argc; > extern char **saved_argv; > > -extern int errno; > - > int > auth_sia_password(Authctxt *authctxt, char *pass) > { > int ret; > SIAENTITY *ent = NULL; > const char *host; > - char *user = authctxt->user; > > host...

...ve login with a shell, enabling privsep will require 1 additional process per login session. diff -urN openssh-SNAP-20030226/auth-sia.c openssh/auth-sia.c --- openssh-SNAP-20030226/auth-sia.c Tue Jan 21 22:42:27 2003 +++ openssh/auth-sia.c Wed Feb 26 19:46:17 2003 @@ -45,27 +45,25 @@ extern int saved_argc; extern char **saved_argv; -extern int errno; - int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; - char *user = authctxt->user; host = get_canonical_hostname(options.verify_reverse_mapping); - if (pass[0] == '\0')...

...3 02:25:48 2003 +++ openssh-3.7.1p2/auth-sia.c Wed Sep 24 00:05:39 2003 @@ -31,6 +31,7 @@ #include "log.h" #include "servconf.h" #include "canohost.h" +#include "xmalloc.h" #include <sia.h> #include <siad.h> @@ -45,11 +46,12 @@ extern int saved_argc; extern char **saved_argv; +static SIAENTITY *ent = NULL; + int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.use_dns); @@ -57,6 +59,12 @@ if (!authctxt->user || pass == NULL || pass[0...

...t errno; + SIAENTITY *__sia_ent = NULL; int auth_sia_password(char *user, char *pass) { int ret; const char *host; host = get_canonical_hostname(options.reverse_mapping_check); *************** *** 34,51 **** if (!user || !pass) return(0); ! if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, NULL) != SIASUCCESS) return(0); ! if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { error("couldn't authenticate %s from %s", user, host); if (ret & SIASTOP) ! sia_ses_release(&ent); return(0); }...

...o strip */ + { + char *p; + bsduser = xstrdup(user); + if ((p = strchr(user, ':')) != NULL) + *p = '\0'; + } +#endif pw = getpwnam(user); if (pw && allowed_user(pw)) { /* Take a copy of the returned structure. */ @@ -460,7 +482,9 @@ (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { -#else /* !HAVE_OSF_SIA && !USE_PAM */ +#elif defined(HAVE_BSD_AUTH_H) + auth_userokay(bsduser, NULL, "auth-ssh", "" )) { +#else /* !HAVE_OSF_SIA &&a...

...1 17:33:18 2001 *************** *** 455,461 **** (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif /* KRB4 */ #ifdef USE_PAM ! auth_pam_password(pw, "")) { #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, --- 455,461 ---- (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif /* KRB4 */ #ifdef USE_PAM ! auth_pam_password(pw, "") && do_pam_account(p...

...@ -307,7 +316,7 @@ #ifdef USE_PAM /* Do PAM auth with password */ - authenticated = auth_pam_password(pw, password); + authenticated = auth_pam_password(pw, password, SSH_CMSG_AUTH_PASSWORD); #elif defined(HAVE_OSF_SIA) /* Do SIA auth with password */ if (sia_validate_user(NULL, saved_argc, saved_argv, @@ -355,6 +364,26 @@ xfree(response); } break; +#elif defined(PAM_TIS) + case SSH_CMSG_AUTH_TIS: + debug("rcvd SSH_CMSG_AUTH_TIS"); + if (!options.tis_authentication) { + verbose("TIS authentication disabled."); + break; + } +...

...old a NULL. Calling sia_ses_init() with the tty being an empty string doesn't signify no tty, and hence will cause a failure. The "no tty" case should have tty passed as NULL. One possible fix for this is to change the call to sia_ses_init from: if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, NULL) != SIASUCCESS) to: if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty[0] ? tty : NULL, 0, NULL) != SIASUCCESS) However, I'm not convinced that tty won't be some random value here if session structure ha...

...diff -ur openssh-3.4p1/auth-sia.c openssh-3.4p1+/auth-sia.c --- openssh-3.4p1/auth-sia.c Fri Apr 12 11:36:08 2002 +++ openssh-3.4p1+/auth-sia.c Mon Jul 22 23:34:37 2002 @@ -41,9 +41,11 @@ #include <unistd.h> #include <string.h> +/* import */ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +extern int use_privsep; extern int errno; @@ -77,7 +79,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +88,8 @@ host = get_canonical_hostname (options.verify_revers...

...t_canonical_hostname(options.use_dns); - + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + return (0); if (!authctxt->user || pass == NULL || pass[0] == '\0') return (0); + host = get_canonical_hostname(options.use_dns); if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user, NULL, 0, NULL) != SIASUCCESS) return (0); _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

...TRU64 Unix 4.0D we got the following error message ... auth1.c:507: `saved_argv' undeclared (first use in this function) .... auth1.c:509: warning: passing arg 4 of `sia_validate_user' discards qualifiers from pointer target type *** Exit 1 where line 509 ===> (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) I read the archive mails and adjusted the auth1.c source file according to the latest info (by John Speno on 7/3) but without success (so there seems to be a difference betwe...

...Key *key; int ret, key_used = 0; - /* Save argv. */ +#ifdef HAVE_SECUREWARE + (void)set_auth_parameters(ac, av); +#endif + __progname = get_progname(av[0]); + init_rng(); + + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ + saved_argc = ac; saved_argv = av; + saved_argv = xmalloc(sizeof(*saved_argv) * ac); + for (i = 0; i < ac; i++) + saved_argv[i] = xstrdup(av[i]); + +#ifndef HAVE_SETPROCTITLE ------------------- If sshd uses to reload service after receive SIGHUP, it use execve to start ss...

...diff -ur openssh-3.4p1/auth-sia.c openssh-3.4p1+/auth-sia.c --- openssh-3.4p1/auth-sia.c Fri Apr 12 11:36:08 2002 +++ openssh-3.4p1+/auth-sia.c Mon Jul 22 23:34:37 2002 @@ -41,9 +41,11 @@ #include <unistd.h> #include <string.h> +/* import */ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +extern int use_privsep; extern int errno; @@ -77,7 +79,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +88,8 @@ host = get_canonical_hostname (options.verify_revers...

.../security/openssh/cvs/openssh_cvs/sshd.c,v retrieving revision 1.333 diff -u -p -r1.333 sshd.c --- sshd.c 26 Mar 2006 03:24:50 -0000 1.333 +++ sshd.c 4 May 2006 02:01:50 -0000 @@ -921,7 +921,7 @@ main(int ac, char **av) /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; - saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1)); + saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); for (i = 0; i < ac; i++) saved_argv[i] = xstrdup(av[i]); saved_argv[i] = NULL; Index: openbsd-compat/bsd-cygwin_util.c ====================================...

...- that's enough trouble. diff -urN openssh_cvs/auth-sia.c openssh/auth-sia.c --- openssh_cvs/auth-sia.c Tue Feb 13 08:25:23 2001 +++ openssh/auth-sia.c Fri Apr 13 11:00:07 2001 @@ -61,35 +61,46 @@ host = get_canonical_hostname (options.reverse_mapping_check); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) - fatal("sia_ses_init failed"); + NULL) != SIASUCCESS) { + error("sia_ses_init failed"); + exit(1); + } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); - fatal("getpwnam(%s) failed: %...

...sia.c 29 Jun 2002 03:19:18 -0000 @@ -77,7 +77,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +86,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); @@ -100,25 +99,22 @@ } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_tr...

...sia.c 28 Jun 2002 20:29:00 -0000 @@ -77,7 +77,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +86,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); @@ -100,25 +99,22 @@ } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_tr...