Displaying 19 results from an estimated 19 matches for "setusercontext".
2013 Mar 13
1
[patch] Incorrect umask in FreeBSD
Normally, in the !UseLogin case on a system with login classes, the
umask is set implicitly by the first setusercontext() call in
do_setusercontext() in session.c. However, FreeBSD treats the umask
differently from other login settings: unless running with the target
user's UID, it will only apply the value from /etc/login.conf, not that
from the user's ~/.login.conf. The patch below addresses this (althou...
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep
perhaps we should not call do_setusercontext() after
chroot().
--- sshd.c.orig Fri Jun 21 03:09:47 2002
+++ sshd.c Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));...
2000 Oct 07
0
OpenSSH changes for BSD/OS
...following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
etc. are set appropriately for the class the user is part of). login -h
takes care of this when ssh is called for a regular login. To have
access to the class when setting up the session, I had to add preserving
it...
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
...en_session is called, but not pam_close_session.
sshd behavior is broken for root logins because if pam session
is run from the child, close is never called due to exec:
on open
since use_privsep is not set, parent calls do_exec_pty(),
which does not open session. then, it skips calling do_setusercontext(),
so it does not open session.
child calls do_setusercontext(), which opens session.
on close
child will not close sesion, because it exec'd the
shell, and the sshd task is gone!
parent will not close session, since session was not opened by
parent, sshpam_session_op...
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
...(u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
Index: session.c
--- session.c 2001/02/13 07:43:17 1.1
+++ session.c 2001/02/13 07:45:46 1.2
@@ -1155,7 +1155,9 @@
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
- child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+ /* update the path to the one setusercontext set for us */
+ if (getenv("PATH"))
+ child_set_env(&env, &envsize, "PATH", getenv("PATH&q...
2000 Feb 27
0
[PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH
..._PATH_MAILDIR, pw->pw_name);
+ child_set_env(&env, &envsize, "MAIL", buf);
+
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+
+ /* Save parent environment */
+ tmpenv = environ;
+ environ = env;
+
+ if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETALL) < 0)
+ fatal("setusercontext failed: %s", strerror(errno));
+
+ /* Restore parent environment */
+ env = environ;
+ environ = tmpenv;
+
+ for (envsize = 0; env[envsize] != NULL; ++envsize)
+ ;
+ envsize = (envsize < 100) ? 100 : envsize...
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
Status|NEW |ASSIGNED
------- Additional
2001 Jul 20
0
Updated chroot patch
...*new_root = '\0';
+ new_root += 2;
+
+ if(chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
+
+ pw->pw_dir = new_root;
+ break;
+ }
+ new_root += 2;
+ }
+# endif /* DOT_CHROOT */
# ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
-----------------------------< cut here >-------------------------------
--
Civilisation: where they cut down the trees and name streets after them.
2002 Jun 25
0
[Bug 298] New: sshd fails to set user context, preventing all logins, also setgroups is failing
...debugging mode.
Connection from 148.59.19.13 port 1015
debug1: Client protocol version 1.5; client software version 1.2.27
debug1: match: 1.2.27 pat 1.2.1*,1.2.2*,1.2.3*
debug1: Local version string SSH-1.99-OpenSSH_3.3
unable to set user context: Bad file descriptor
gdb says:
#0 0x805c8c3 in do_setusercontext (pw=0x813c000) at session.c:1164
1164 if (setusercontext(lc, pw, pw->pw_uid,
(gdb) print lc
$1 = (login_cap_t *) 0x0
(gdb) print *pw
$2 = {pw_name = 0x8141000 "sshd", pw_passwd = 0x8141005 "", pw_uid = 10658, pw_gid = 1010, pw_change = 0, pw_class = 0x8141...
2002 Jun 26
4
[Bug 298] sshd fails to set user context, preventing all logins, also setgroups is failing
http://bugzilla.mindrot.org/show_bug.cgi?id=298
------- Additional Comments From sshbugs at wayne47.com 2002-06-26 11:05 -------
Problem appears to be that setusercontext is being called after a chroot.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Nov 26
0
[Bug 446] New: $LOGIN not set by openssh under AIX
...v, &envsize, "LOGNAME", pw->pw_name);
+ #ifdef _AIX
+ child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
+ #endif
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 Sep 23
1
3.7.1p1 appears to break pam session.
Hi,
I am running FreeBSD 4.7 and openssh 3.7.1p1. I have enabled
PAM usage and indeed, I can use PAM for authentication purposes.
Since configure does login_cap.h, the preprocessor is side stepping
do_pam_session()
altogether in session.c:do_setusercontext().
Here is my patch for session.c. My understanding about
portability issues is rather limited. I would very much appreciate if
you guys could check this and verify that I am not introducing more
problems with this. So far this works for me.
--- session.c Tue Sep 23 10:14:47 2003
+++ sessio...
2004 Jan 15
2
What is print_pam_messages() used for ?
Hi,
I was investigating why I don't see any warnings from
pam_ldap indicating the pending expiration of passwords as well as
for PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account()
does not have a conversation function. Also, there is a function
print_pam_messages (currently empty) which look suspiciously like it
is ear marked to show just those error messages:
/* auth-pam.c
2000 Aug 23
14
Test snapshot
...c/nologin if "UseLogin no" since login(1) may have its
own policy on determining who is allowed to login when /etc/nologin
is present. Also use the _PATH_NOLOGIN define.
- millert at cvs.openbsd.org 2000/08/20 12:42:43
[auth1.c auth2.c session.c ssh.c]
Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.
- millert at cvs.openbsd.org 2000/08/21 10:23:31
[session.c]
Fix incorrect PATH setting...
2002 Mar 29
2
scp : Problems with pathing
Hi,
I'm sure I'll get a few "RTFM", but I hope I'll allay those feelings.
I'm getting the "scp: command not found". I've read the FAQ. I've
read bugs 42 and 82 in bugzilla. Hopefully, I didn't overlook something.
At a minimum, defines.h has :
#ifdef USER_PATH
# ifdef _PATH_STDPATH
# undef _PATH_STDPATH
# endif
# define _PATH_STDPATH
2007 Jul 14
2
OpenBSM questions
Hello
I have some issues with OpenBSM which i cannot resolve, so i decided to
ask there.
1) I found some bugs in the auditreduce utility and created patch for it
- http://www.freebsd.org/cgi/query-pr.cgi?pr=114534.
Please, someone from freebsd team - take it, i think its better to fix
this before next release.
2) I found that when i`m using XDM as login manager with OpenBSM, all my
audit
2002 Jul 04
4
Chroot patch (v3.4p1)
...or_wrap.h"
+#include "match.h"
+#include "readconf.h"
#ifdef HAVE_CYGWIN
#include <windows.h>
@@ -64,6 +66,8 @@
#define is_winnt (GetVersion() < 0x80000000)
#endif
+#define CHROOT
+
/* func */
Session *session_new(void);
@@ -1160,6 +1164,12 @@
do_setusercontext(struct passwd *pw)
{
char tty='\0';
+ int i;
+#ifdef CHROOT
+ char *new_root = "/";
+ const char *hostname = NULL;
+ const char *ipaddr = NULL;
+#endif /* CHROOT */
#ifdef HAVE_CYGWIN
if (is_winnt) {
@@ -1187,6 +1197,26 @@
if (setlogin(pw->p...
2003 Mar 10
10
[Bug 83] PAM limits applied incorrectly (pam_session being called as non-root)
http://bugzilla.mindrot.org/show_bug.cgi?id=83
------- Additional Comments From djm at mindrot.org 2003-03-10 15:49 -------
Created an attachment (id=247)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=247&action=view)
Call pam_session after child fork()
Hopefully this patch will allow people to gather the feedback necessary to
close this bug.
------- You are receiving this
2024 Jul 30
11
[Bug 3715] New: safely_chroot is a little too restrictive: noexec or nosuid should be enough
https://bugzilla.mindrot.org/show_bug.cgi?id=3715
Bug ID: 3715
Summary: safely_chroot is a little too restrictive: noexec or
nosuid should be enough
Product: Portable OpenSSH
Version: 9.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5