search for: usrinfo

Hi, News from the "AIX is different than the rest of the world" department... AIX has something similar to setluid() on SCO, just that it uses text strings (similar to setenv()) and calls it "usrinfo". I've appended the man page below. Under normal conditions, well-behaved applications use ttyname(), logname() and getuid() get the relevant informations, but today I've come across one piece of commercial software that insists on using usrinfo(), and otherwise failed to use the pr...

http://bugzilla.mindrot.org/show_bug.cgi?id=283 ------- Additional Comments From janfrode at parallab.uib.no 2002-06-22 09:00 ------- hmm, I lost part of a sentence there.. I meant to say that commenting out: if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); from openbsd-compat/port-aix.c makes sshd function with UsePrivilegeSeparation enabled. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watchin...

http://bugzilla.mindrot.org/show_bug.cgi?id=283 Summary: UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo: Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: janfrode at pa...

Can we do this? Or should we drop the whole char *tty; ? There will be no way of setting the TTY= correctly while using privsep (Mainly for multiple streams over single session). The only thing we really could do is do: In do_setusercontext() if (use_privsep) aix_usrinfo(pw, NULL); and back in the old spot put: if (!use_privsep) aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty); that should allow users who need TTY set to at least have a working OpenSSH. Maybe add in a line to INSTALL or README about this issue. I'm more in favor of totally dumping TT...

...c patch I can compile 4.0p1 without a problem: > *** openbsd-compat/port-aix.h.orig Fri Mar 18 14:20:28 2005 > --- openbsd-compat/port-aix.h Fri Mar 18 14:21:16 2005 > *************** > *** 47,53 **** > > /* These should be in the system headers but are not. */ > int usrinfo(int, char *, int); > ! int setauthdb(const char *, char *); > /* these may or may not be in the headers depending on the version */ > #if (HAVE_DECL_AUTHENTICATE == 0) > int authenticate(char *, char *, int *, char **); > --- 47,53 ---- > > /* These should be in the sys...

The recent patch posted by Steve VanDevender <stevev at darkwing.uoregon.edu> for fixing the session code on Tru64 isn't quite right -- it still fails in the case of NO tty being allocated. The problem is that s->tty is a char[TTYSZ] rather than a char *, and hence can't hold a NULL. Calling sia_ses_init() with the tty being an empty string doesn't signify no tty, and

With 3.3p1 built on AIX 4.3.2: $ ssh [blah] Couldn't set usrinfo: Not owner debug1: Calling cleanup 0x20019080(0x200219a0) debug3: mm_request_send entering: type 27 debug1: Calling cleanup 0x20018dd4(0x0) Connection to songohan closed by remote host. Connection to songohan closed. Output from sshd -d -d -d: ... debug3: tty_parse_modes: 92 0 debu...

...================================================= RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/TODO,v retrieving revision 1.54 diff -u -r1.54 TODO --- TODO 18 May 2003 11:44:07 -0000 1.54 +++ TODO 18 May 2003 12:20:44 -0000 @@ -89,7 +89,7 @@ - PAM + See above PAM notes - AIX - + usrinfo() does not set TTY, but only required for legicy systems. Works + + usrinfo() does not set TTY, but only required for legacy systems. Works with PrivSep. - OSF + SIA is broken Index: openbsd-compat/bsd-cray.c =================================================================== RCS file:...

... who are nervous because: (a) it seems that there will be a widely-known vulnerability and/exploit for OpenSSH available in the coming days, and (b) the advertised fix for the problem, privilege separation, doesn't seem to be working on AIX as of the latest release version of OpenSSH (based on the comments I've read; I haven't tried it yet) ... ... what should we do? I've

Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that all the right #ifdef/#endif bits got put back in

...); - } -#endif /* WITH_IRIX_AUDIT */ - +# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) + irix_setusercontext(pw); +# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ #ifdef _AIX /* * AIX has a "usrinfo" area where logname and

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

Hi all, We're trying to hook up our Asterisk config (Card: TE410P) with a Siemens EWSD switch. The link is ok on both ends (green), with no errors. The problem is when we try to make a call from our side (via call files), we get the pri/E1 error Ext: 1 Cause: Temporary failure (41), class = Network Congestion (2) Our Telecom partner (they checked with Siemens) mentioned that we need to

https://bugzilla.mindrot.org/show_bug.cgi?id=1567 Summary: Insufficient privileges to chroot() on AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: bana

...ate debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug2: User child is on pid 15792 debug3: mm_request_receive entering Failed to set process credentials: A file or directory in the path name does not exist. debug3: AIX/UsrInfo: set len 31 debug1: permanently_set_uid: 6000/146 debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug2: fd 8 setting O_NONBLOCK debug2: fd 9 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session r...

...tate [preauth] debug3: mm_request_send entering: type 26 [preauth] debug3: mm_send_keystate: Finished sending state [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug3: ssh_sandbox_parent_finish: finished debug3: AIX/UsrInfo: set len 23 debug3: safely_chroot: checking '/' debug3: safely_chroot: checking '/cpdp' Changed root directory to "/cpdp" debug1: permanently_set_uid: 212/1 debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug2: fd 5...

Hi, I wonder, how can i use openssh Public key authentification with ActivCard pkcs11 x509 certificate store and login to only my account reading/using username provided from certificate DN, or principal name,friendly name ? b111887 and e411617 is administrator on this os. I have rights to put e411617 pub keys to b111887 home folder authorized keys. And because openssh ask's me to provide