search for: use_dns

...retrieving revision 1.18 diff -u -r1.18 auth-sia.c --- auth-sia.c 7 Sep 2006 23:54:41 -0000 1.18 +++ auth-sia.c 14 Sep 2006 10:54:12 -0000 @@ -55,12 +55,14 @@ int ret; SIAENTITY *ent = NULL; const char *host; + struct passwd * pw = authctxt->pw; - host = get_canonical_hostname(options.use_dns); - + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + return (0); if (!authctxt->user || pass == NULL || pass[0] == '\0') return (0); + host = get_canonical_hostname(options.use_dns); if (sia_ses_init(&ent, saved_argc, saved_argv, host, authct...

http://bugzilla.mindrot.org/show_bug.cgi?id=974 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Platform|HPPA |All Summary|Enhancement : Record |Record Badlogins for

...ated == 0 && !authctxt->postponed && (strcmp(method, "password") == 0 || strncmp(method, "keyboard-interactive", 20) == 0 || strcmp(method, "challenge-response") == 0)) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); # ifdef WITH_AIXAUTHENTICATE if (authenticated) sys_auth_record_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh", &loginmsg); # endif #endif? Now I?ve just thought adding ?authctxt->password? should do the trick?unfortunately not....

...options->permit_user_rc = -1; @@ -327,6 +328,8 @@ options->max_authtries = DEFAULT_AUTH_FAIL_MAX; if (options->max_sessions == -1) options->max_sessions = DEFAULT_SESSIONS_MAX; + if (options->max_displays == -1) + options->max_displays = MAX_DISPLAYS; if (options->use_dns == -1) options->use_dns = 0; if (options->client_alive_interval == -1) @@ -429,7 +432,7 @@ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, - sAllowStreamLocalForwarding, sFingerp...

...t;sia.h> #include <siad.h> @@ -45,11 +46,12 @@ extern int saved_argc; extern char **saved_argv; +static SIAENTITY *ent = NULL; + int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.use_dns); @@ -57,6 +59,12 @@ if (!authctxt->user || pass == NULL || pass[0] == '\0') return (0); + if (ent) { + debug("Releasing old SIAENTITY!"); + sia_ses_release(&ent); + ent = NULL; + } + if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,...

...ving revision 1.10 diff -u -r1.10 port-aix.c --- openbsd-compat/port-aix.c 3 Jun 2003 02:45:27 -0000 1.10 +++ openbsd-compat/port-aix.c 2 Jul 2003 05:01:34 -0000 @@ -68,9 +68,13 @@ void record_failed_login(const char *user, const char *ttyname) { - char *hostname = get_canonical_hostname(options.use_dns); + char *hostname = (char *)get_canonical_hostname(options.use_dns); - loginfailed(user, hostname, ttyname); +# ifdef AIX_LOGINFAILED_4ARG + loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); +# else + loginfailed((char *)user, hostname, (char *)ttyname); +# endif } # en...

...success) { + char *msg; + + debug3("AIX/authenticate succeeded for user %s: %.100s", + pw->pw_name, authmsg); + /* We don't have a pty yet, so just label the line as "ssh" */ if (loginsuccess(authctxt->user, - get_canonical_hostname(options.use_dns), - "ssh", &aixloginmsg) < 0) { - aixloginmsg = NULL; + get_canonical_hostname(options.use_dns), "ssh", &msg) == 0){ + if (msg != NULL) { + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); + } } + } else { + debug3("AIX/auth...

...icmut/Projects/OpenSSH-Portable/openssh-6.0p1/auth.c src/auth.c =============================================================================== 546a547 > ConnectionInfo connection_info; 548,549c549,554 < parse_server_match_config(&options, user, < get_canonical_hostname(options.use_dns), get_remote_ipaddr()); --- > connection_info.user = user; > connection_info.host = get_canonical_hostname(options.use_dns); > connection_info.address = get_remote_ipaddr(); > connection_info.subsystem = NULL; > > parse_server_match_config(&options, &connection_info);...

...== NULL) { logit("session_input_channel_req: no session %d req %.100s", @@ -2267,6 +2269,10 @@ success = session_pty_req(s); } else if (strcmp(rtype, "x11-req") == 0) { success = session_x11_req(s); + if (success) { + host = get_canonical_hostname(options.use_dns); + verbose("X11 forwarding for %s to %s", s->pw->pw_name, host); + } } else if (strcmp(rtype, "auth-agent-req at openssh.com") == 0) { success = session_auth_agent_req(s); } else if (strcmp(rtype, "subsystem") == 0) {

If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet. (I usually stop the machine with the power-button, re-boot into a different OS (Fedora) and

...dir_group (root); 12 dir_owner (root); 13 dir_perm (0700); 14 group (root); 15 owner (root); 16 perm (0600); 17 flush_lines(1); 18 flush_timeout (1000); 19 keep_hostname (yes); 20 log_fifo_size (1); 21 use_dns (no); 22 use_fqdn (no); 23 }; ... 39 source s_stdout { 40 # file ("/logs/stdout.log" flags(no-parse) follow_freq(1)); 41 file ("/logs/stdout.log" flags(no-parse)); 42 }; ... 61 destination d_stdout { file("/var/log/$YEAR$MONTH$DAY/stdout&...

...h-sia.c openssh/auth-sia.c --- openssh-dist/auth-sia.c Thu Mar 4 05:59:37 2004 +++ openssh/auth-sia.c Thu Apr 7 07:52:13 2005 @@ -53,6 +53,9 @@ SIAENTITY *ent = NULL; const char *host; + if (! auth_root_allowed ("password")) + return (0); + host = get_canonical_hostname(options.use_dns); if (!authctxt->user || pass == NULL || pass[0] == '\0') -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.

...diff -urN openssh-3.7p1-dist/auth-sia.c openssh-3.7p1/auth-sia.c --- openssh-3.7p1-dist/auth-sia.c Mon Jun 2 19:25:48 2003 +++ openssh-3.7p1/auth-sia.c Tue Sep 16 14:02:56 2003 @@ -80,6 +80,7 @@ { SIAENTITY *ent = NULL; const char *host; + uid_t uid; host = get_canonical_hostname(options.use_dns); @@ -103,8 +104,11 @@ sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) - fatal("setreuid: %s", strerror(errno)); + uid = geteuid(); + if (setuid(0) < 0) + fatal("setuid: %s", strerror(errno)); + if (setuid(uid) < 0) + fatal("setuid:...

This is just the first part -- it adds support for correctly reporting incoming connections when there's an external d?mon accepting the connections and invoking 'sshd -i' with them, like inetd does. In later patches I'll extend sshd to listen on a Bluetooth socket (and advertise the service in SDP) for itself, and extend the ssh client to make the connection directly. For now,

...0 @@ -1919,6 +1919,10 @@ main(int ac, char **av) verbose("Connection from %s port %d on %s port %d", remote_ip, remote_port, get_local_ipaddr(sock_in), get_local_port()); + + /* Match configuration against the connection */ + connection_info = get_connection_info(1, options.use_dns); + parse_server_match_config(&options, connection_info); /* * We don't want to listen forever unless the other side Index: sshd_config.5 =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.173 diff...

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

...dditional parameter (value of options.print_lastlog) to the sys_auth_record_login function in port-aix.c, port-aix.h and auth.c. auth.c # ifdef WITH_AIXAUTHENTICATE if (authenticated) sys_auth_record_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh", &loginmsg, options.print_lastlog); # endif port-aix.c int sys_auth_record_login(const char *user, const char *host, const char *ttynm, Buffer *loginmsg, int print_lastlog) { ... if(print_lastlog == 1) buffer_append(loginmsg, msg, strlen(msg)); xfree(msg);...

...shpam_handle_holder); + grab_pamh(1, sshpam_handle_holder); if (sshpam_err != PAM_SUCCESS) { - pam_end(sshpam_handle, sshpam_err); - sshpam_handle = NULL; + pam_end(grab_pamh(0, NULL), sshpam_err); + grab_pamh(1, NULL); return (-1); } pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns); debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost); - sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost); + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_RHOST, pam_rhost); if (sshpam_err != PAM_SUCCESS) { - pam_end(sshpam_handle, sshpam_err); - sshpam_...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...n 0; } - if (options.num_deny_users > 0 || options.num_allow_users > 0) { + if (options.num_deny_users > 0 || options.num_allow_users > 0 || + options.num_allow_users_fixedname > 0 || + options.num_allow_users_ipaddr > 0 ) { hostname = get_canonical_hostname(options.use_dns); ipaddr = get_remote_ipaddr(); } /* Return false if user is listed in DenyUsers */ if (options.num_deny_users > 0) { for (i = 0; i < options.num_deny_users; i++) if (match_user(pw->pw_name, hostname, ipaddr, options.deny_users[i])) { logit("User %.100s...