search for: sia_ses_estab

...There is also a user process running a shell, connected to the client through a pty. (2) The pty is owned by the user. On my system, for example: crw--w---- 2 dhp terminal 6, 3 Aug 30 17:05 /dev/ttyp3 Now, if I step through setup_sia() in the debugger, I get an error return from sia_ses_estab(), so that fatal() is called, which results session_pty_cleanup() being called, which resets the pty ownership back to the default: crw-rw-rw- 2 root system 6, 3 Aug 30 17:05 /dev/ttyp3 This is the state you were finding things in. I suspect that what happens is, the privileged process...

OK, I got a chance to try out the Tru64 patch for privsep. I applied the patch to 3.4p1. Partial success, in that it now works for me for logins to "root". Logins to ordinary accounts fail after authentication, when trying to set tty characteristics. See the excerpt from the debug messages below. This is for Tru64 V4.0F (with enhanced_security turned on, obviously.) I guess it's time

...ogin for ricardo: Tue May 1 08:06:00 2001 from blah.mnsu.edu Last unsuccessful login for ricardo: Tue May 1 08:05:21 2001 from blah.mnsu.edu Without the .hushlogin file I get the same messages along with /etc/motd It appears that these messages are being produced from withing auth-sia.c during sia_ses_estab(). I couldn't tell if there was some way to suppress these messages or not. Does anybody on this list know if these messages can be suppressed? If then can be, we should fix it so these messages are printed when there is no .hushlogin and suppressed when there is a .hushlogin or there is a comm...

...se(&ent); error("getpwnam(%s) failed: %s", user, strerror(errno)); exit(1); } ! if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { ! sia_ses_release(&ent); error("sia_make_entity_pwd failed"); exit(1); } ! ent->authtype = SIA_A_NONE; ! if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { error("couldn't establish session for %s from %s", user, host); exit(1); --- 54,77 ---- { int ret; struct passwd *pw; ! /* SIAENTITY *__sia_ent = NULL; */ const char *host; host = get_canonical_hostname (options....

...nt); > - fatal("getpwnam: no user: %s", user); > - } > if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { > sia_ses_release(&ent); > fatal("sia_make_entity_pwd failed"); > } > > ent->authtype = SIA_A_NONE; > - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { > - fatal("Couldn't establish session for %s from %s", user, > - host); > - } > - > - if (setpriority(PRIO_PROCESS, 0, 0) == -1) { > - sia_ses_release(&ent); > - fatal("setpriority: %s", st...

...if ((pw = getpwnam(user)) == NULL) { - sia_ses_release(&ent); - fatal("getpwnam: no user: %s", user); - } if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { sia_ses_release(&ent); fatal("sia_make_entity_pwd failed"); } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { - fatal("Couldn't establish session for %s from %s", user, - host); - } - - if (setpriority(PRIO_PROCESS, 0, 0) == -1) { - sia_ses_release(&ent); - fatal("setpriority: %s", strerror (errno)); - } + if (sia_ses_estab(sia_coll...

...s) failed: %s", user, strerror(errno)); + exit(1); } if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { sia_ses_release(&ent); - fatal("sia_make_entity_pwd failed"); + error("sia_make_entity_pwd failed"); + exit(1); } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) - fatal("couldn't establish session for %s from %s", user, + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { + error("couldn't establish session for %s from %s", user, host); + exit(1); + } if (setpriority(PRIO_...

...es_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); @@ -100,25 +99,22 @@ } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't establish session for %s from %s", user, host); - } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { sia_ses_release(&ent); fatal("setpriority: %s&qu...

...NULL; + int ret; + + if (sia_ses_init (&ent, saved_argc, saved_argv, + get_canonical_hostname(), user, NULL, 0, NULL) != SIASUCCESS) + return 0; + if ((ret = sia_ses_authent (NULL, pass, ent)) != SIASUCCESS) { + if (ret & SIASTOP) + sia_ses_release (&ent); + return 0; + } + if (sia_ses_estab (NULL, ent) != SIASUCCESS) + return 0; + sia_ses_release (&ent); + return 1; +} + +#endif /* HAVE_OSF_SIA */ diff -urN openssh-2.2.0p1-dist/auth1.c openssh-2.2.0p1/auth1.c --- openssh-2.2.0p1-dist/auth1.c Tue Aug 22 19:46:23 2000 +++ openssh-2.2.0p1/auth1.c Sat Oct 14 19:31:56 2000 @@ -18,18 +...

...es_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); @@ -100,25 +99,22 @@ } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't establish session for %s from %s", user, host); - } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { sia_ses_release(&ent); fatal("setpriority: %s&qu...

...s_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); @@ -100,25 +101,24 @@ } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't establish session for %s from %s", user, host); - } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { sia_ses_release(&ent); fatal("setpriority: %s&qu...

...s_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(user)) == NULL) { sia_ses_release(&ent); @@ -100,25 +101,24 @@ } ent->authtype = SIA_A_NONE; - if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't establish session for %s from %s", user, host); - } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { sia_ses_release(&ent); fatal("setpriority: %s&qu...

OpenSSH 3.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.2.3: ============================

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*