search for: u_int

...roblem? I also found what I believe might be a bug in uidswap.c at line 88. It used to look like: ----- #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ if (setgid(getegid()) < 0) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); /* Propagate the privileged uid to all of our uids. */ if (setuid(geteuid()) < 0) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) &l...

...c line 2113). When doing this in sshd.c too, which I think is pretty straightforward, the packet_set_connection() will become obsolete. diff --git a/opacket.c b/opacket.c index 92e17a5..bff4c36 100755 --- a/opacket.c +++ b/opacket.c @@ -202,14 +202,6 @@ ssh_packet_get_cstring(struct ssh *ssh, u_int *length_ptr) /* Old API, that had to be reimplemented */ -void -packet_set_connection(int fd_in, int fd_out) -{ - active_state = ssh_packet_set_connection(active_state, fd_in, fd_out); - if (active_state == NULL) - fatal("%s: ssh_packet_set_connection failed", __func__); -} - u_in...

These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from

...1.3.2.2 2003/07/01 01:38:13 sam Exp $*/ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ /* *************** *** 133,138 **** --- 133,139 ---- #endif static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ + #if 0 /* search order for SAs */ static u_int saorder_state_valid[] = { SADB_SASTATE_DYING, SADB_SASTATE_MATURE, *************** *** 141,146 **** --- 142,155 ---- * for outbound processing. For inbound, This is not important. */ }; + #endif + static const u_int saorder_state_valid_prefer_old[] = { + SADB_SA...

...= 1 1900: setcontext(0xFFFFFFFF7FFFEBD0) 1900: close(8) = 0 1900: dup(7) = 8 1900: dup(7) = 9 The problem seems to be that read_etc_default_login() assumes that a u_int (unsigned int) is the same size as a size_t. This is true in sparcv7, but not in sparcv9: jparsons at sparc64:~# cat test.c #include <stdio.h> int main() { int n; size_t size; unsigned int uint; printf ("size_t: %d, u_int: %d\n", sizeof(size), sizeof(uint)); } jparsons at...

...oups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); - pw->pw_gid = pw->pw_gid; +#ifndef SAVED_IDS_WORK_WITH_SETEUID + /* Propagate the privileged gid to all of our gids. */ + if (setgid(getegid()) < 0) + debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); + /* Propagate the privileged uid to all of our uids. */ + if (setuid(geteuid()) < 0) + debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) - fatal("setegid...

...plementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if (strstr(enc->name, "chacha")) > *max_blocks = (u_int64_t)1 << (16*2); > else if (enc->block_size >= 16) > *max_blocks = (u_int64_t)1 << (enc->block_size*2); > else > *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; > if (state->rekey_limit) > > to force it to reduce the rekey rate but...

...o OpenSSL implementation. > > I can't just change the block size because it breaks compatibility. I can do > something like as a hack (though it would probably be better to do it with the > compat function): > > if (strstr(enc->name, "chacha")) > *max_blocks = (u_int64_t)1 << (16*2); > else if (enc->block_size >= 16) > *max_blocks = (u_int64_t)1 << (enc->block_size*2); > else > *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; > if (state->rekey_limit) > > to force it to reduce the rekey rate but I'm...

...tatus != SSH2_FX_OK) ! error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath, newpath, fx2txt(status)); return(status); *************** *** 746,752 **** int local_fd, status, num_req, max_req, write_error; int read_error, write_errno; u_int64_t offset, size; ! u_int handle_len, mode, type, id, buflen; struct request { u_int id; u_int len; --- 796,802 ---- int local_fd, status, num_req, max_req, write_error; int read_error, write_errno; u_int64_t offset, size; ! u_int handle_len, mode, type, id, buflen, savemode;...

...I can't just change the block size because it breaks compatibility. I can > do > > something like as a hack (though it would probably be better to do it with > the > > compat function): > > > > if (strstr(enc->name, "chacha")) > > *max_blocks = (u_int64_t)1 << (16*2); > > else if (enc->block_size >= 16) > > *max_blocks = (u_int64_t)1 << (enc->block_size*2); > > else > > *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; > > if (state->rekey_limit) > > > > to force it t...

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

...r, int new_value) +{ + buffer->unlimited = new_value; +} + /* Initializes the buffer structure. */ void @@ -30,6 +36,7 @@ buffer->alloc = len; buffer->offset = 0; buffer->end = 0; + buffer->unlimited = 0; } /* Frees any memory used for the buffer. */ @@ -78,7 +85,8 @@ u_int newlen; void *p; - if (len > 0x100000) + if ((buffer->unlimited && len > MAXBUFSZ) || + (!buffer->unlimited && len > 0x100000)) fatal("buffer_append_space: len %u not supported", len); /* If the buffer is empty, start using it from the beginn...

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

...< 0) fatal("setgroups: %.100s", strerror(errno)); #endif /* !HAVE_CYWIN */ ! #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ if (setgid(getegid()) < 0) debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); --- 85,98 ---- if (setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); #endif /* !HAVE_CYWIN */ ! #ifdef SAVED_IDS_WORK_WITH_SETEUID ! if (setegid(pw->pw_gid) < 0) ! f...

...================================ RCS file: /cvs/src/usr.bin/ssh/buffer.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- buffer.c 26 Jun 2002 08:54:18 -0000 1.16 +++ buffer.c 16 Sep 2003 03:03:47 -0000 1.17 @@ -69,6 +69,7 @@ void * buffer_append_space(Buffer *buffer, u_int len) { + u_int newlen; void *p; if (len > 0x100000) @@ -98,11 +99,13 @@ goto restart; } /* Increase the size of the buffer and retry. */ - buffer->alloc += len + 32768; - if (buffer->alloc > 0xa00000) + + newlen = buffer->alloc + len + 32768; + if (newlen > 0xa00000...

...#endif #include "monitor_wrap.h" + +/* + * Set child environment variables starting with "X_BSD_AUTH". + * After the call to auth_close(), these variables are in the + * current environment if the login script has requested them. + */ +void +bsdauth_child_set_env(char ***envp, u_int *envsizep) +{ + extern char **environ; + char name[8*1024]; /* MAXSPOOLSIZE in auth_session_t */ + char *value; + u_int i, namelen; + + for (i = 0; environ[i] != NULL; i++) { + namelen = strcspn(environ[i], "="); + if (namelen + 1 > sizeof(name)) + continue; + snprintf(name, namel...

...cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2); else if (enc->block_size >= 16) *max_blocks = (u_int64_t)1 << (enc->block_size*2); else *max_blocks = ((u_int64_t)1 << 30) / enc->block_size; if (state->rekey_limit) to force it to reduce the rekey rate but I'm deeply unsure of what imp...

...ch.h" #include "log.h" +#include "monitor_wrap.h" + +extern char *__progname; -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +struct sshpam_ctxt { + char *user; + pid_t pid; + int...

....h" -#include "dispatch.h" #include "log.h" +#include "monitor_wrap.h" -static int do_pam_conversation_kbd_int(int num_msg, - const struct pam_message **msg, struct pam_response **resp, - void *appdata_ptr); -void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); - -struct { - int finished, num_received, num_expected; - int *prompts; - struct pam_response *responses; -} context_pam2 = {0, 0, 0, NULL}; - -static struct pam_conv conv2 = { - do_pam_conversation_kbd_int, - NULL, +struct pam_ctxt { + char *pam_user; + pid_t pam_pid; +...

..._bin2bn(bin, len, value); xfree(bin); } - /* - * Returns an integer from the buffer (4 bytes, msb first). + * Returns integers from the buffer (msb first). */ + +u_short +buffer_get_short(Buffer *buffer) +{ + u_char buf[2]; + buffer_get(buffer, (char *) buf, 2); + return GET_16BIT(buf); +} + u_int buffer_get_int(Buffer *buffer) { @@ -158,8 +166,16 @@ } /* - * Stores an integer in the buffer in 4 bytes, msb first. + * Stores integers in the buffer, msb first. */ +void +buffer_put_short(Buffer *buffer, u_short value) +{ + char buf[2]; + PUT_16BIT(buf, value); + buffer_append(buffer, buf...