search for: ttyname

...ars to address the problem: diff -ru openssh-2.9.9p2_orig/auth-pam.c openssh-2.9.9p2/auth-pam.c --- openssh-2.9.9p2_orig/auth-pam.c Mon Apr 23 14:38:37 2001 +++ openssh-2.9.9p2/auth-pam.c Mon Oct 29 15:32:08 2001 @@ -272,6 +272,12 @@ do_pam_set_conv(&conv); +#ifdef PAM_SUN_CODEBASE + if (ttyname == NULL) { + ttyname = ""; + } +#endif /* PAM_SUN_CODEBASE */ + if (ttyname != NULL) { debug("PAM setting tty to \"%.200s\"", ttyname); pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); Obviously that expands the meaning of PAM_SUN_CODEBASE a bit from its...

...error("fork: %.100s", strerror(errno)); else - debug("Forked child %d.", pid); + debug("Forked child %ld.", (long)pid); close(startup_p[1]); Index: sshpty.c @@ -318,12 +318,12 @@ if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && st.st_uid == pw->pw_uid) - error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + error("chown(%.100s, %ld, %ld) failed: %.100s", + ttyname, (long)pw->pw_uid, (...

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

...ard in it) that I want to use as a console server for a bunch of headless computers. I was wondering if there's a trivial app that I can run as the shell that ssh (or telnet) would run, example: #!/bin/bash port=$(echo "$SSH_CONNECT" | cut -d' ' -f4) let -i tty=$port-2000 ttyname=$(printf "/dev/ttyS%02d" $tty) (stty 19200 ; \ termserv) <$ttyname >$ttyname exit I could write one from scratch, but if someone already has, that would be even better. Thanks, -Philip

...======================= RCS file: sshpty.c,v retrieving revision 2.9.9.2 retrieving revision 2.9.9.2.0.1 diff -pu -r2.9.9.2 -r2.9.9.2.0.1 --- sshpty.c 2001/08/14 20:41:35 2.9.9.2 +++ sshpty.c 2001/09/28 18:37:50 2.9.9.2.0.1 @@ -381,12 +381,12 @@ pty_setowner(struct passwd *pw, const ch if (chown(ttyname, pw->pw_uid, gid) < 0) { if (errno == EROFS && (st.st_uid == pw->pw_uid || st.st_uid == 0)) - error("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, + error("chown(%.100s, %ld, %ld) failed: %.100s", + tty...

..."AIX is different than the rest of the world" department... AIX has something similar to setluid() on SCO, just that it uses text strings (similar to setenv()) and calls it "usrinfo". I've appended the man page below. Under normal conditions, well-behaved applications use ttyname(), logname() and getuid() get the relevant informations, but today I've come across one piece of commercial software that insists on using usrinfo(), and otherwise failed to use the proper user name when being called in an ssh session. So I'm afraid we have to support that. To my knowled...

...============= diff -u -r openssh-2.3.0p1.orig/login.c openssh-2.3.0p1/login.c --- openssh-2.3.0p1.orig/login.c Fri Sep 15 19:29:09 2000 +++ openssh-2.3.0p1/login.c Fri Jan 26 15:48:26 2001 @@ -80,11 +80,11 @@ /* Records that the user has logged out. */ void -record_logout(pid_t pid, const char *ttyname) +record_logout(pid_t pid, const char *ttyname, const char *user) { struct logininfo *li; - li = login_alloc_entry(pid, NULL, NULL, ttyname); + li = login_alloc_entry(pid, user, NULL, ttyname); login_logout(li); login_free_entry(li); } diff -u -r openssh-2.3.0p1.orig/loginrec.c opens...

...pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +#endif if (__pamh) { pam_retval = pam_end(__pamh, pam_retval); @@ -299,6 +301,18 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); session_opened = 1; +} + +/* Set the TTY after session is open */ +void do_pam_set_tty(const char *ttyname) { + int pam_retval; + if (ttyname != NULL) { + debug("PAM setting tty to \"%.200s\"", ttyname); + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pa...

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the patch idea, but I'd like to skip the whole 'chained function calls'...

...-- diff -u -r openssh-3.4p1/auth-pam.c openssh-3.4p1-dw/auth-pam.c --- openssh-3.4p1/auth-pam.c Tue May 7 21:27:56 2002 +++ openssh-3.4p1-dw/auth-pam.c Tue Jul 16 07:54:05 2002 @@ -294,6 +294,18 @@ session_opened = 1; } +/* Set the TTY after session is open */ +void do_pam_set_tty(const char *ttyname) { + int pam_retval; + if (ttyname != NULL) { + debug("PAM setting tty to \"%.200s\"", ttyname); + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pa...

...orwarding_flag |= 2; break; -#endif default: log("PAM rejected by account configuration[%d]: " "%.200s", pam_retval, PAM_STRERROR(__pamh, @@ -301,6 +299,18 @@ session_opened = 1; } +/* Set the TTY after session is open */ +void do_pam_set_tty(const char *ttyname) { + int pam_retval; + if (ttyname != NULL) { + debug("PAM setting tty to \"%.200s\"", ttyname); + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pa...

...@@ -42,6 +42,7 @@ RCSID("$OpenBSD: sshlogin.c,v 1.5 2002/08/29 15:57:25 stevesk Exp $"); #include "loginrec.h" +#include "log.h" /* * Returns the time when the user last logged in. Returns 0 if the @@ -98,4 +99,20 @@ li = login_alloc_entry(pid, user, NULL, ttyname); login_logout(li); login_free_entry(li); +} + + +/* Record a failed login attempt. */ +void +record_failed_login(const char *user, const char *host, const char *ttyname) +{ + debug3("%s user %s host %s tty %s", __func__, user, host, ttyname); + +#ifdef WITH_AIXAUTHENTICATE + loginf...

...ord for anthonyu 0 0 failed: No such file or directory Apr 5 19:29:45 maple sshd[16726]: error: chmod /dev/pts/1 19:29:45 sshd[16726]: Accepted password for anthonyu 0666 failed: No such file or directory And, a quick test showed this when using ssh2: Apr 5 19:32:07 original sshd[16821]: fatal: TTYNAME: /dev/pts/1 As opposed to this when using ssh1: Apr 5 19:32:25 original sshd[16823]: fatal: TTYNAME: /dev/pts/1 19:32:25 sshd[16823]: Accepted password for anthonyu So I dont think it's a problem with ttyname(3). Below is a workaround patch that allows logins, but I doubt it will be useful...

...ut(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ pty_release(s->tty); --- sshlogin.c~ Tue May 8 16:33:06 2001 +++ sshlogin.c Mon Nov 19 12:08:34 2001 @@ -94,11 +94,11 @@ /* Records that the user has logged out. */ void -record_logout(pid_t pid, const char *ttyname) +record_logout(pid_t pid, const char *ttyname, const char *user) { struct logininfo *li; - li = login_alloc_entry(pid, NULL, NULL, ttyname); + li = login_alloc_entry(pid, user, NULL, ttyname); login_logout(li); login_free_entry(li); } --- sshlogin.h~ Wed Jul 4 00:46:58 2001 +++ ssh...

...assword change is necessary */ + password_change_required = 1; break; default: log("PAM rejected by account configuration: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); return(0); } @@ -197,17 +232,17 @@ if (ttyname != NULL) { debug("PAM setting tty to \"%.200s\"", ttyname); - pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname); + pam_retval = pam_set_item(pamh, PAM_TTY, ttyname); if (pam_retval != PAM_SUCCESS) { fatal("PAM set tty failed: %.200s", -...

...s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ pty_release(s->tty); --- sshlogin.c~ Tue May 8 16:33:06 2001 +++ sshlogin.c Tue Jan 29 10:56:59 2002 @@ -94,11 +94,11 @@ /* Records that the user has logged out. */ void -record_logout(pid_t pid, const char *ttyname) +record_logout(pid_t pid, const char *ttyname, const char *user) { struct logininfo *li; - li = login_alloc_entry(pid, NULL, NULL, ttyname); + li = login_alloc_entry(pid, user, NULL, ttyname); login_logout(li); login_free_entry(li); } --- sshlogin.h~ Wed Jul 4 00:46:58 2001 +++ ssh...

cvs code from this morning (about 9am PST) breaks on slackware 7.1 w/ gcc 2.95.2.1 with an undefined reference to session_setup_sia in session.o. this seems to be the culprit here: #ifdef HAVE_OSF_SIA #else /* HAVE_OSF_SIA */ session_setup_sia(pw->pw_name, ttyname); since i have no idea what that's trying to accomplish (and seems to be a bit backwards to me from looking at the rest of the code dealing with sia), i figure i'll just let whoever wrote it sort it out. devon

...r no_libsocket and no_libnsl. The other bug looks more serious to me - quote from glibc manual: *Warning:* Using the `openpty' function with NAME not set to `NULL' is *very dangerous* because it provides no protection against overflowing the string NAME. You should use the `ttyname' function on the file descriptor returned in *SLAVE to find out the file name of the slave pseudo-terminal device instead. Thanks, and keep up the good work! Marek Index: configure.in =================================================================== RCS file: /cvs/openssh_cvs/conf...

...optional?) extra argument: Reason The patch changes the setpcred call to: setpcred(pw->pw_name, (char **)NULL); It also adds configure magic to detect a 4-arg loginfailed and #defines to use the appropriate call (hidden in port-aix.c, fortunately): loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); There are still a couple of warnings left which I hope to address in other patches. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience...

...>pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ pty_release(s->tty); --- sshlogin.c.orig Thu Nov 15 09:35:02 2001 +++ sshlogin.c Thu Nov 15 09:38:01 2001 @@ -94,11 +94,11 @@ /* Records that the user has logged out. */ void -record_logout(pid_t pid, const char *ttyname) +record_logout(pid_t pid, const char *ttyname, const char *user) { struct logininfo *li; - li = login_alloc_entry(pid, NULL, NULL, ttyname); + li = login_alloc_entry(pid, user, NULL, ttyname); login_logout(li); login_free_entry(li); } --- sshlogin.h.orig Thu Nov 15 09:35:02 2001 ++...