search for: setusercontext

Displaying 19 results from an estimated 19 matches for "setusercontext".

2013 Mar 13
1
[patch] Incorrect umask in FreeBSD
Normally, in the !UseLogin case on a system with login classes, the umask is set implicitly by the first setusercontext() call in do_setusercontext() in session.c. However, FreeBSD treats the umask differently from other login settings: unless running with the target user's UID, it will only apply the value from /etc/login.conf, not that from the user's ~/.login.conf. The patch below addresses this (althou...
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno));...
2000 Oct 07
0
OpenSSH changes for BSD/OS
...following are patches against openssh 2.1.1p4 to add support for the BSD_AUTH authentication mechanisms. It allows the use of non-challenge/response style mechanisms (which styles are allowed my be limited by appropriate auth-ssh entries in login.conf). The patches also add support for calling setusercontext for the appropriate class when called with a command (so that the PATH, limits, etc. are set appropriately for the class the user is part of). login -h takes care of this when ssh is called for a regular login. To have access to the class when setting up the session, I had to add preserving it...
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
...en_session is called, but not pam_close_session. sshd behavior is broken for root logins because if pam session is run from the child, close is never called due to exec: on open since use_privsep is not set, parent calls do_exec_pty(), which does not open session. then, it skips calling do_setusercontext(), so it does not open session. child calls do_setusercontext(), which opens session. on close child will not close sesion, because it exec'd the shell, and the sshd task is gone! parent will not close session, since session was not opened by parent, sshpam_session_op...
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...(u_char)(c)) >= '0' && ((u_char)(c)) <= '7') Index: session.c --- session.c 2001/02/13 07:43:17 1.1 +++ session.c 2001/02/13 07:45:46 1.2 @@ -1155,7 +1155,9 @@ child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); - child_set_env(&env, &envsize, "PATH", getenv("PATH")); + /* update the path to the one setusercontext set for us */ + if (getenv("PATH")) + child_set_env(&env, &envsize, "PATH", getenv("PATH&q...
2000 Feb 27
0
[PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH
..._PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); + + /* Save parent environment */ + tmpenv = environ; + environ = env; + + if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETALL) < 0) + fatal("setusercontext failed: %s", strerror(errno)); + + /* Restore parent environment */ + env = environ; + environ = tmpenv; + + for (envsize = 0; env[envsize] != NULL; ++envsize) + ; + envsize = (envsize < 100) ? 100 : envsize...
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional
2001 Jul 20
0
Updated chroot patch
...*new_root = '\0'; + new_root += 2; + + if(chroot(user_dir) != 0) + fatal("Couldn't chroot to user directory %s", user_dir); + + pw->pw_dir = new_root; + break; + } + new_root += 2; + } +# endif /* DOT_CHROOT */ # ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { -----------------------------< cut here >------------------------------- -- Civilisation: where they cut down the trees and name streets after them.
2002 Jun 25
0
[Bug 298] New: sshd fails to set user context, preventing all logins, also setgroups is failing
...debugging mode. Connection from 148.59.19.13 port 1015 debug1: Client protocol version 1.5; client software version 1.2.27 debug1: match: 1.2.27 pat 1.2.1*,1.2.2*,1.2.3* debug1: Local version string SSH-1.99-OpenSSH_3.3 unable to set user context: Bad file descriptor gdb says: #0 0x805c8c3 in do_setusercontext (pw=0x813c000) at session.c:1164 1164 if (setusercontext(lc, pw, pw->pw_uid, (gdb) print lc $1 = (login_cap_t *) 0x0 (gdb) print *pw $2 = {pw_name = 0x8141000 "sshd", pw_passwd = 0x8141005 "", pw_uid = 10658, pw_gid = 1010, pw_change = 0, pw_class = 0x8141...
2002 Jun 26
4
[Bug 298] sshd fails to set user context, preventing all logins, also setgroups is failing
http://bugzilla.mindrot.org/show_bug.cgi?id=298 ------- Additional Comments From sshbugs at wayne47.com 2002-06-26 11:05 ------- Problem appears to be that setusercontext is being called after a chroot. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2002 Nov 26
0
[Bug 446] New: $LOGIN not set by openssh under AIX
...v, &envsize, "LOGNAME", pw->pw_name); + #ifdef _AIX + child_set_env(&env, &envsize, "LOGIN", pw->pw_name); + #endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2003 Sep 23
1
3.7.1p1 appears to break pam session.
Hi, I am running FreeBSD 4.7 and openssh 3.7.1p1. I have enabled PAM usage and indeed, I can use PAM for authentication purposes. Since configure does login_cap.h, the preprocessor is side stepping do_pam_session() altogether in session.c:do_setusercontext(). Here is my patch for session.c. My understanding about portability issues is rather limited. I would very much appreciate if you guys could check this and verify that I am not introducing more problems with this. So far this works for me. --- session.c Tue Sep 23 10:14:47 2003 +++ sessio...
2004 Jan 15
2
What is print_pam_messages() used for ?
Hi, I was investigating why I don't see any warnings from pam_ldap indicating the pending expiration of passwords as well as for PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account() does not have a conversation function. Also, there is a function print_pam_messages (currently empty) which look suspiciously like it is ear marked to show just those error messages: /* auth-pam.c
2000 Aug 23
14
Test snapshot
...c/nologin if "UseLogin no" since login(1) may have its own policy on determining who is allowed to login when /etc/nologin is present. Also use the _PATH_NOLOGIN define. - millert at cvs.openbsd.org 2000/08/20 12:42:43 [auth1.c auth2.c session.c ssh.c] Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class. - millert at cvs.openbsd.org 2000/08/21 10:23:31 [session.c] Fix incorrect PATH setting...
2002 Mar 29
2
scp : Problems with pathing
Hi, I'm sure I'll get a few "RTFM", but I hope I'll allay those feelings. I'm getting the "scp: command not found". I've read the FAQ. I've read bugs 42 and 82 in bugzilla. Hopefully, I didn't overlook something. At a minimum, defines.h has : #ifdef USER_PATH # ifdef _PATH_STDPATH # undef _PATH_STDPATH # endif # define _PATH_STDPATH
2007 Jul 14
2
OpenBSM questions
Hello I have some issues with OpenBSM which i cannot resolve, so i decided to ask there. 1) I found some bugs in the auditreduce utility and created patch for it - http://www.freebsd.org/cgi/query-pr.cgi?pr=114534. Please, someone from freebsd team - take it, i think its better to fix this before next release. 2) I found that when i`m using XDM as login manager with OpenBSM, all my audit
2002 Jul 04
4
Chroot patch (v3.4p1)
...or_wrap.h" +#include "match.h" +#include "readconf.h" #ifdef HAVE_CYGWIN #include <windows.h> @@ -64,6 +66,8 @@ #define is_winnt (GetVersion() < 0x80000000) #endif +#define CHROOT + /* func */ Session *session_new(void); @@ -1160,6 +1164,12 @@ do_setusercontext(struct passwd *pw) { char tty='\0'; + int i; +#ifdef CHROOT + char *new_root = "/"; + const char *hostname = NULL; + const char *ipaddr = NULL; +#endif /* CHROOT */ #ifdef HAVE_CYGWIN if (is_winnt) { @@ -1187,6 +1197,26 @@ if (setlogin(pw->p...
2003 Mar 10
10
[Bug 83] PAM limits applied incorrectly (pam_session being called as non-root)
http://bugzilla.mindrot.org/show_bug.cgi?id=83 ------- Additional Comments From djm at mindrot.org 2003-03-10 15:49 ------- Created an attachment (id=247) --> (http://bugzilla.mindrot.org/attachment.cgi?id=247&action=view) Call pam_session after child fork() Hopefully this patch will allow people to gather the feedback necessary to close this bug. ------- You are receiving this
2024 Jul 30
11
[Bug 3715] New: safely_chroot is a little too restrictive: noexec or nosuid should be enough
https://bugzilla.mindrot.org/show_bug.cgi?id=3715 Bug ID: 3715 Summary: safely_chroot is a little too restrictive: noexec or nosuid should be enough Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5