search for: strict_mod

Displaying 17 results from an estimated 17 matches for "strict_mod".

Did you mean: strict_modes
2001 Jun 04
1
[PATCH]: Add check_ntsec to ownership/mode tests
...u -p -r1.17 auth-rhosts.c --- auth-rhosts.c 2001/04/12 23:34:35 1.17 +++ auth-rhosts.c 2001/06/04 10:05:34 @@ -228,6 +228,9 @@ auth_rhosts2(struct passwd *pw, const ch pw->pw_name, pw->pw_dir); return 0; } +#ifdef HAVE_CYGWIN + if (check_ntsec(pw->pw_dir)) +#endif if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || (st.st_mode & 022) != 0)) { Index: auth-rsa.c =================================================================== RCS file: /cvs/openssh_cvs/auth-rsa.c,v retrieving revision 1.31 diff -u -p -r1.31 auth-rsa.c --...
2007 Sep 07
0
Public key reading abstraction (to allow future work)
...); - /* Fail quietly if file does not exist */ - if (stat(file, &st) < 0) { - /* Restore the privileged uid. */ - restore_uid(); - xfree(file); - return (0); - } - /* Open the file containing the authorized keys. */ - f = fopen(file, "r"); + f = open_keyfile(file, pw, options.strict_modes); if (!f) { - /* Restore the privileged uid. */ - restore_uid(); - xfree(file); - return (0); - } - if (options.strict_modes && - secure_filename(f, file, pw, line, sizeof(line)) != 0) { - xfree(file); - fclose(f); - logit("Authentication refused: %s", line); + xfr...
2013 Jan 31
2
OpenSSH NoPty patch
...-new/servconf.c 2013-01-31 17:12:36.000000000 +0000 @@ -85,6 +85,7 @@ initialize_server_options(ServerOptions options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->no_pty = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -201,6 +202,8 @@ fill_default_server_options(ServerOption options->x11_use_localhost = 1; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; + if (options->no_pty == -1) + options->no_pty = 0; if (optio...
2000 Aug 13
1
Patches for openssh port forwarding
...-- openssh-2.1.1p4/servconf.c Sat Jul 15 07:14:17 2000 +++ openssh-2.1.1p4-jhchanges/servconf.c Sun Aug 13 00:06:25 2000 @@ -45,6 +45,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->port_forwarding = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -116,6 +117,8 @@ if (options->xauth_location == NULL) options->xauth_location = XAUTH_PATH; #endif /* XAUTH_PATH */ + if (options->port_forwarding == -1) + options->port_forwarding = 1;...
2002 Feb 12
0
[Patch] Xauthority file in /tmp
...c --- openssh-3.0.2p1.orig/servconf.c Wed Nov 14 00:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Feb 12 14:21:14 2002 @@ -64,6 +64,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->xauthority_in_tmp = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -258,7 +259,7 @@ sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMax...
2001 Jun 02
4
authorized_keys2 directory idea
...2001 @@ -26,6 +28,8 @@ if (!f) { /* Restore the privileged uid. */ restore_uid(); + packet_send_debug("Could not open %.900s for reading.", file); + packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); return 0; } if (options.strict_modes) { was this left out by design, or a leftover in auth-rsa.c ? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
2001 Dec 03
2
Bug in rsyncd 2.5.0 while handling config file string values
...0x0, lock_file = 0x8076813 "/var/run/rsyncd.lock", read_only = 1, list = 1, use_chroot = 1, transfer_logging = 0, ignore_errors = 0, uid = 0x807680c "nobody", gid = 0x807680c "nobody", hosts_allow = 0x0, hosts_deny = 0x0, auth_users = 0x0, secrets_file = 0x0, strict_modes = 1, exclude = 0x0, exclude_from = 0x0, include = 0x0, include_from = 0x0, log_format = 0x80767f3 "%o %h [%a] %m (%u) %f %l", refuse_options = 0x0, dont_compress = 0x80767c0 "*.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz", timeout = 0, max_connections = 0, ignore...
2001 Apr 22
1
relaxing access rights verifications
...fr/infosci/RFC/18xx/1855 -------------- next part -------------- diff -ur openssh-2.5.2p2.orig/auth-rhosts.c openssh-2.5.2p2/auth-rhosts.c --- openssh-2.5.2p2.orig/auth-rhosts.c Fri Feb 9 03:11:24 2001 +++ openssh-2.5.2p2/auth-rhosts.c Sun Apr 22 01:19:56 2001 @@ -215,7 +215,8 @@ } if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_uid == 0 && (st.st_mode & 002) != 0) || + (st.st_uid != 0 && (st.st_mode & 022) != 0))) { log("Rhosts authentication refused for %....
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)
2003 Mar 28
0
PRIVSEP annoys me.
...for reading.",file); > packet_send_debug("If your home is on an NFS volume, > it may need to be world-readable."); > /* Restore the privileged uid. */ > restore_uid(); > return 0; > } > > if (options.strict_modes && > secure_filename(f, file, pw, line, sizeof(line)) != 0) { > fclose(f); > log("Authentication refused: %s", line); > restore_uid(); > return 0; > } > > key = key_new(KEY_RSA); > > /* > * Get the public key from the file. I...
2000 Aug 23
1
Protocol 2 remote forwarding patch
...*/ +extern int allow_port_forwarding; + /* add listen address */ void add_listen_addr(ServerOptions *options, char *addr); @@ -45,6 +48,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + allow_port_forwarding = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -116,6 +120,8 @@ if (options->xauth_location == NULL) options->xauth_location = XAUTH_PATH; #endif /* XAUTH_PATH */ + if (allow_port_forwarding == -1) + allow_port_forwarding = 1; /* Allow...
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
...ontaining the authorized keys. */ @@ -160,12 +179,10 @@ restore_uid(); packet_send_debug("Could not open %.900s for reading.", file); packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); - xfree(file); return 0; } if (options.strict_modes && secure_filename(f, file, pw, line, sizeof(line)) != 0) { - xfree(file); fclose(f); log("Authentication refused: %s", line); packet_send_debug("Authentication refused: %s", line); @@ -271,7 +288,6 @@ restore_uid(); /* Close the file. */ - xfree(...
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the
2012 Dec 27
3
[PATCH] hostfile: list known names (if any) for new hostkeys
...*pw, Key *key, const char *host, const struct hostkey_entry *found; hostkeys = init_hostkeys(); - load_hostkeys(hostkeys, host, sysfile); + load_hostkeys(hostkeys, host, NULL, sysfile); if (userfile != NULL) { user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && @@ -393,7 +393,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, user_hostfile); } else { temporarily_use_uid(pw); - load_hostkeys(hostkeys, host, user_hostfile); + load_hostkeys(hostkeys, host, NULL, user_hostfile); restore_uid(); }...
2003 Jan 29
0
[PATCH] features for restricted shell environments
..."x11") == 0) + options->restrictions |= RESTRICT_X11; + else + fatal("%s line %d: unknown restriction %s.", + filename, linenum, p); + } + charptr = &options->restricted_shell; + goto parse_filename; + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; @@ -761,6 +800,22 @@ case sAllowTcpForwarding: intptr = &options->allow_tcp_forwarding; + goto parse_flag; + + case sPermitTcpConnect: + arg = strdelim(&cp); + p = NULL; + if (!arg || *arg == '\0') + p = "missing"; + if (channel_add_...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the