search for: with_aixauthenticate

...Tue May 9 09:50:13 2000 +++ acconfig.h Tue May 9 09:50:19 2000 @@ -9,7 +9,7 @@ /* Define if you want to disable PAM support */ #undef DISABLE_PAM -/* Define if you want to disable AIX4's authenticate function */ +/* Define if you want to enable AIX4's authenticate function */ #undef WITH_AIXAUTHENTICATE /* Define if you want to disable lastlog support */ --- auth.c.orig Wed May 10 16:00:39 2000 +++ auth.c Thu May 11 13:11:23 2000 @@ -19,6 +19,9 @@ #include "compat.h" #include "channels.h" #include "match.h" +#ifdef HAVE_LOGIN_H +#include <login.h> +#endif...

...=================================================================== RCS file: /cvs/openssh/auth.c,v retrieving revision 1.58 diff -u -r1.58 auth.c --- auth.c 21 Sep 2002 15:26:53 -0000 1.58 +++ auth.c 13 Oct 2002 11:06:27 -0000 @@ -59,6 +59,12 @@ Buffer auth_debug; int auth_debug_init; +#ifdef WITH_AIXAUTHENTICATE +void aix_remove_embedded_newlines(char *); +extern char *aixexpiremsg; +extern int aix_password_change_required; +#endif + /* * Check if the user is allowed to log in via ssh. If user is listed * in DenyUsers or one of user's groups is listed in DenyGroups, false @@ -202,19 +208,39 @@ }...

...#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) /* Don't need any of these headers for the PAM or SIA cases */ @@ -81,8 +83,10 @@ #endif /* !USE_PAM && !HAVE_OSF_SIA */ extern ServerOptions options; +extern Buffer login_message; +extern int password_change_required; #ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; +void aix_remove_embedded_newlines(char *); #endif /* @@ -149,13 +153,23 @@ #endif #ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + aix_remove_embedded_newlines(authmsg); - if (authsuccess) + if...

.../usr/local/src/security/openssh/cvs/openssh_cvs/acconfig.h,v retrieving revision 1.157 diff -u -r1.157 acconfig.h --- acconfig.h 11 Jun 2003 12:51:32 -0000 1.157 +++ acconfig.h 1 Jul 2003 12:22:40 -0000 @@ -110,6 +110,9 @@ /* Define if you want to enable AIX4's authenticate function */ #undef WITH_AIXAUTHENTICATE +/* Define if your AIX loginfailed() function takes 4 arguments */ +#undef AIX_LOGINFAILED_4ARG + /* Define if you have/want arrays (cluster-wide session managment, not C arrays) */ #undef WITH_IRIX_ARRAY Index: auth-passwd.c ===================================================================...

...nclude "auth.h" +#include "buffer.h" +#include "xmalloc.h" +#include "canohost.h" #if !defined(HAVE_OSF_SIA) /* Don't need any of these headers for the SIA cases */ @@ -81,9 +84,7 @@ #endif /* !HAVE_OSF_SIA */ extern ServerOptions options; -#ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; -#endif +extern Buffer loginmsg; /* * Tries to authenticate the user using password. Returns true if @@ -151,15 +152,28 @@ # endif # ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + aix_remove_emb...

--- auth1.c.orig Sat Feb 3 18:17:53 2001 Bringa AIX modes in line with latest changes to auth1.c +++ auth1.c Sat Feb 3 18:19:15 2001 @@ -347,7 +347,7 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); + loginfailed(authctxt->user,get_canonical_hostname(),"ssh"); #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); }

...or Departamento de Seguridad Informatica - AFIP psor at afip.gov.ar, psor at ccc.uba.ar -------------- next part -------------- --- session.c Tue Sep 4 13:16:07 2001 +++ session.c Tue Sep 4 13:16:10 2001 @@ -57,6 +57,10 @@ #include "canohost.h" #include "session.h" +#ifdef WITH_AIXAUTHENTICATE +#include "misc.h" +#endif /* WITH_AIXAUTHENTICATE */ + #ifdef WITH_IRIX_PROJECT #include <proj.h> #endif /* WITH_IRIX_PROJECT */ @@ -675,13 +679,14 @@ void do_login(Session *s, const char *command) { - char *time_string; + char *time_string,*msg; char hostname[MAXHOSTNAMELE...

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the patch idea, but I'd like to skip the whole 'chained function calls'. Plus it avoids closely packed #ifdef/...

...DCE" Suggested (untested) patch should look like: ----------------- cut -------------------- % diff -u auth-passwd.c-original auth-passwd.c --- auth-passwd.c-original 2002-08-12 18:43:25.000000000 +0200 +++ auth-passwd.c 2002-08-12 19:02:43.000000000 +0200 @@ -114,6 +114,7 @@ #ifdef WITH_AIXAUTHENTICATE char *authmsg; char *loginmsg; + int rc; int reenter = 1; #endif @@ -145,7 +146,11 @@ } #endif #ifdef WITH_AIXAUTHENTICATE - return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + while (reenter) { + rc = authenticate (pw->pw_name,password,&reenter,&am...

...ssword at anytime, however once set, access should be denied. Being a simple soul, I have added a routine passwdexpires ( AIX Lib ) directly after loginrestrictions with the same code. I think this should be urgently added to the code - hope this helps. auth.c /* mpi change expiresmsg */ #ifdef WITH_AIXAUTHENTICATE char *loginmsg; char *expiresmsg; int passexpcode; #endif /* WITH_AIXAUTHENTICATE */ #ifdef WITH_AIXAUTHENTICATE auth.c /* mpi change passwdexpires hinein */ if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { if (login...

Somewhere between 2.9p1 and 2.9.9p2 there was a change to auth2.c that removed the userauth_reply() function. There were a few lines of code in that function, #ifdef'd with WITH_AIXAUTHENTICATE, that handled the AIX method of lastlog type stuff (specifically, a loginsuccess() call). There is a similar call in auth1.c, down in do_authentication(), which is still there in 2.9.9p2. So with 2.9.9p2, the lastlog stuff is handled properly if you connect with protocol version 1, but not with pr...

.... The co-worker who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3 systems. Richard ------- *** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001 --- openssh-2.9.9p2/auth-passwd.c Tue Oct 2 10:13:47 2001 *************** *** 147,153 **** } #endif #ifdef WITH_AIXAUTHENTICATE ! return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); #endif #ifdef KRB4 if (options.kerberos_authentication == 1) { --- 147,157 ---- } #endif #ifdef WITH_AIXAUTHENTICATE ! if (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0) ! re...

...llips Alaska, Inc. PGP Key Fingerprint: 2048/0x57318496 053B 412B 82FC 3808 E141 CDCD 74AE 01C5 5731 8496 -------------- next part -------------- *** auth.c Tue Apr 24 16:01:02 2001 --- ../openssh-2.5.2p2/auth.c Mon Mar 19 13:15:57 2001 *************** *** 142,164 **** } #ifdef WITH_AIXAUTHENTICATE ! if ((pw->pw_uid != 0) && (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0)) { ! if (loginmsg && *loginmsg) { ! /* Remove embedded newlines (if any) */ ! char *p; !...

Using openssh-SNAP-20001016 all of our problems with hanging connections have gone away (woohoo!), and it seems to be working flawlessly, but I am seeing messages like this in syslog: Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor Oct 24 16:58:30

...================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.67 diff -u -r1.67 auth.c --- auth.c 18 Jan 2003 05:24:06 -0000 1.67 +++ auth.c 25 Feb 2003 09:52:31 -0000 @@ -268,13 +268,10 @@ get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + record_failed_login(authctxt->user, + get_canonical_ho...

...================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.67 diff -u -r1.67 auth.c --- auth.c 18 Jan 2003 05:24:06 -0000 1.67 +++ auth.c 25 Feb 2003 09:52:31 -0000 @@ -268,13 +268,10 @@ get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + record_failed_login(authctxt->user, + get_canonical_ho...

...================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.67 diff -u -r1.67 auth.c --- auth.c 18 Jan 2003 05:24:06 -0000 1.67 +++ auth.c 27 Jan 2003 11:39:07 -0000 @@ -268,13 +268,11 @@ get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE - if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + if (geteuid() == 0 && authenticated == 0 && +...

...s. If I disable the AIX security feature (enable remote root logins), I can then do bad things like rsh, telnet, etc. into the box as root. [...] *** auth.c Tue Apr 24 16:01:02 2001 --- ../openssh-2.5.2p2/auth.c Mon Mar 19 13:15:57 2001 *************** *** 142,164 **** } #ifdef WITH_AIXAUTHENTICATE ! if ((pw->pw_uid != 0) && (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0)) { ! if (loginmsg && *loginmsg) { ! /* Remove embedded newlines (if any) */ ! char *p; !...

...ening here. *** acconfig.h.DIST Tue Jan 11 09:38:15 2000 --- acconfig.h Tue Jan 11 12:11:02 2000 *************** *** 12,17 **** --- 12,23 ---- /* Define if you want to disable PAM support */ #undef DISABLE_PAM + /* Define if you want to disable AIX4's authenticate function */ + #undef WITH_AIXAUTHENTICATE + + /* Define if you want to use system random */ + #undef USE_SYSRANDOM + /* Define if you want to disable lastlog support */ #undef DISABLE_LASTLOG *************** *** 29,34 **** --- 35,69 ---- /* Define if using the Dante SOCKS library. */ #undef HAVE_DANTE + + /* Define this if...

http://bugzilla.mindrot.org/show_bug.cgi?id=383 ------- Additional Comments From markus at openbsd.org 2002-08-23 07:46 ------- what does "rlogin set to false" mean? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.