search for: session_setup_sia

Displaying 19 results from an estimated 19 matches for "session_setup_sia".

2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that...
2001 Feb 13
4
cvs bulid breaks on slackware
cvs code from this morning (about 9am PST) breaks on slackware 7.1 w/ gcc 2.95.2.1 with an undefined reference to session_setup_sia in session.o. this seems to be the culprit here: #ifdef HAVE_OSF_SIA #else /* HAVE_OSF_SIA */ session_setup_sia(pw->pw_name, ttyname); since i have no idea what that's trying to accomplish (and seems to be a bit backwards to me from looking at the rest of the code dealing...
2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
...eanup patch from a while back that I submitted too late for > 3.4p1 and didn't resend after that I guess. The other defines > DISABLE_FD_PASSING when SIA is enabled, which effectively turns off > post-auth privsep. So if DISABLE_FD_PASSING turns privsep off, does that mean that session_setup_sia() will be run directly by do_child(), which at that point will be effective uid 0? > Note that I haven't been able to try it with the > latest snapshot, as I'm not at my devel box and I don't have the correct > version of autoconf installed at the moment (need the old o...
2003 Feb 27
0
Update for Tru64 Unix
...LL, pass, ent)) != SIASUCCESS) { - error("Couldn't authenticate %s from %s", user, host); + error("Couldn't authenticate %s from %s", authctxt->user, + host); if (ret & SIASTOP) sia_ses_release(&ent); return(0); @@ -77,48 +75,35 @@ } void -session_setup_sia(char *user, char *tty) +session_setup_sia(struct passwd *pw, char *tty) { - struct passwd *pw; SIAENTITY *ent = NULL; const char *host; - host = get_canonical_hostname (options.verify_reverse_mapping); + host = get_canonical_hostname(options.verify_reverse_mapping); - if (sia_ses_init(&amp...
2001 Mar 21
1
Tru64 UNIX SIA in 2.5.2p1 is hosed (still)
...in session_new(). Thus you may possibly also need to add: s->tty[0] = '\0'; into the session initialisation in session_new(), or maybe set it before the call to do_child() in do_exec_no_pty(). On further thought, perhaps the call to sia_ses_init should be left alone and the call to session_setup_sia() in session.c changed from: session_setup_sia(pw->pw_name, s->tty); to: session_setup_sia(pw->pw_name, s->ttyfd != -1 ? s->tty : NULL); Can someone who knows the code better than I do shed some light on the correct solution here. - Mike -- Mike Battersby <mi...
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
...following: 1) preserve context between the password authentication and the session setup phases. This is necessary because the Heimdal SIA module stores Kerberos context information as mechanism-specific data in ent->mech[]. 2) Allow for the KRB5CCNAME environment variable (potentially set in session_setup_sia()) to be propagated to the session environment. Caveat: I have only tested this with the BSD and Heimdal KRB5 modules, not with OSFC2 or any other SIA module. To do: * clean up the Kerberos credentials cache at session exit. Unfortunately SIA is not invoked at this time, so this cannot be done...
2001 May 01
1
Problem with .hushlogin in Tru64 UNIX 4.0e
I have tried this with openssh-2.5.2p2 and openssh-SNAP-20010501. I have noticed that with a .hushlogin file in my home directory I still get messages. With the .hushlogin file I get these messages: Last successful login for ricardo: Tue May 1 08:06:00 2001 from blah.mnsu.edu Last unsuccessful login for ricardo: Tue May 1 08:05:21 2001 from blah.mnsu.edu Without the .hushlogin file I get
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
...- Ben Index: auth-sia.c =================================================================== RCS file: /var/cvs/openssh/auth-sia.c,v retrieving revision 1.7 diff -u -r1.7 auth-sia.c --- auth-sia.c 12 Apr 2002 15:36:08 -0000 1.7 +++ auth-sia.c 29 Jun 2002 03:19:18 -0000 @@ -77,7 +77,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +86,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { +...
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator
2002 Jun 28
0
Newer OSF patch.
...patch: Index: auth-sia.c =================================================================== RCS file: /var/cvs/openssh/auth-sia.c,v retrieving revision 1.7 diff -u -r1.7 auth-sia.c --- auth-sia.c 12 Apr 2002 15:36:08 -0000 1.7 +++ auth-sia.c 28 Jun 2002 20:29:00 -0000 @@ -77,7 +77,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +86,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { +...
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
...+++ openssh-3.4p1+/auth-sia.c Mon Jul 22 23:34:37 2002 @@ -41,9 +41,11 @@ #include <unistd.h> #include <string.h> +/* import */ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +extern int use_privsep; extern int errno; @@ -77,7 +79,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +88,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { +...
2018 Nov 29
2
Where to implement user limit settings ?
...imits (ulimit) in sshd. I'm not using PAM so I need it in the sshd itself. The task is very simple - just to put one line calling setup_limits(pw); and link with -lshadow. But the problem is, where to put this line. I did it in session.c, in do_child(), like this: #ifdef HAVE_OSF_SIA session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty); if (!check_quietlogin(s, command)) do_motd(); #else /* HAVE_OSF_SIA */ /* When PAM is enabled we rely on it to do the nologin check */ if (!options.use_pam) { do_nologin(pw); setup_lim...
2001 Mar 20
1
Tru64 UNIX SIA in 2.5.2p1 is hosed
Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal
2001 Feb 12
2
OSF_SIA bug in 2.3.0p1
Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
...+++ openssh-3.4p1+/auth-sia.c Mon Jul 22 23:34:37 2002 @@ -41,9 +41,11 @@ #include <unistd.h> #include <string.h> +/* import */ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +extern int use_privsep; extern int errno; @@ -77,7 +79,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +88,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { +...
2002 Apr 22
0
[Bug 101] session.c modifications for correct UNICOS behavior
...def _AIX { char *cp; @@ -1151,6 +1174,7 @@ * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. */ +#ifndef _CRAY if (!options.use_login) { #ifdef HAVE_OSF_SIA session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); @@ -1164,6 +1188,9 @@ do_setusercontext(pw); #endif /* HAVE_OSF_SIA */ } +#else + cray_setup(pw->pw_uid, pw->pw_name, command); +#endif /* _CRAY */ /* * Get the shell from the password dat...
2001 Apr 13
0
Fixed patch for Digital Unix SIA
...-1041,7 +1050,7 @@ exit(254); } } -#endif /* USE_PAM */ +#endif /* USE_PAM || HAVE_OSF_SIA */ /* Set login name, uid, gid, and groups. */ /* Login(1) does this as well, and it needs uid 0 for the "-h" @@ -1049,6 +1058,8 @@ if (!options.use_login) { #ifdef HAVE_OSF_SIA session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); + if (! check_quietlogin(s, command)) + do_motd(); #else /* HAVE_OSF_SIA */ #ifdef HAVE_CYGWIN if (is_winnt) { @@ -2027,4 +2038,27 @@ server_loop2(); if (xauthfile) xauthfile_cleanup_proc(NULL); +} + +/* + * Check for quiet login...
2002 Jun 21
6
OpenSSH 3.3 released
OpenSSH 3.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.2.3: ============================
2005 Apr 03
15
OpenSSH 4.1: call for testing.
Hi All. OpenSSH 4.1 will be released in the next couple of weeks and we invite interested parties to test a snapshot. The changes since 4.0 are mostly bugfixes, for a detailed list see http://bugzilla.mindrot.org/show_bug.cgi?id=994 Running the regression tests supplied with Portable does not require installation and is a simply: $ ./configure && make tests Testing on suitable