search for: x_authctxt

...d like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global variable x_authctxt (which seems to be sort of a hack), because it's easy to provide the authctxt information in all places where auth_get_user() is currently called. In addition, server_loop() would be changed to accept a struct passwd * and build a fake authctxt for it, to be compatible with the v2 code path....

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...UTH_PASSWORD: if (!options.password_authentication) { diff -u5 openssh-3.0.2p1.orig/auth2.c openssh-3.0.2p1/auth2.c --- openssh-3.0.2p1.orig/auth2.c Tue Nov 13 13:46:19 2001 +++ openssh-3.0.2p1/auth2.c Tue Jan 29 15:21:58 2002 @@ -58,10 +58,14 @@ extern int session_id2_len; static Authctxt *x_authctxt = NULL; static int one = 1; +static char real_info[1024] = " ssh2"; +static char *info = real_info + 5; +static int info_size = sizeof(real_info)-5; + typedef struct Authmethod Authmethod; struct Authmethod { char *name; int (*userauth)(Authctxt *authctxt); int *enabled; @@ -26...

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

...--- openssh.orig/auth2.c Wed Dec 6 20:11:25 2000 +++ openssh/auth2.c Sat Feb 10 00:06:24 2001 @@ -60,6 +60,7 @@ extern ServerOptions options; extern unsigned char *session_id2; extern int session_id2_len; +extern int user_authenticated_as_root; /* Jarno: from channels.c */ static Authctxt *x_authctxt = NULL; static int one = 1; @@ -282,6 +283,13 @@ /* Log before sending the reply */ userauth_log(authctxt, authenticated, method); userauth_reply(authctxt, authenticated); + + if (authenticated == 1 && + authctxt->pw && authctxt->pw->pw_uid == (uid_t)0) { + user...

...VIX realname passed out is %s", realname); + debug(" VIX tempvar passed out %s", temprealname); +} + /* * loop until authctxt->success == TRUE */ @@ -114,8 +136,11 @@ { Authctxt *authctxt = authctxt_new(); + char realname[40] = "unknown"; + x_authctxt = authctxt; /*XXX*/ + /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; @@ -125,7 +150,7 @@ dispatch_init(&dispatch_protocol_error);...

http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2002-06-26 01:20 ------- Are you sure? I have 3.3p1 running on 4.0D and 5.1 and I can connect as non-root. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.