similar to: patch in user validation code

The Linux/Unix-port of OpenSSH-1.2.3 in sshd.c:allowed_user() denies Login to users with an empty shell-field in /etc/passwd. According to the docs this is wrong and an empty shell-field should default to /bin/sh. I'm sure that this is what was intended, because code and comment get it right in sshd.c:do_child(): * Get the shell from the password data. An empty shell field is

Sorry - my previous patch was bad. Here is the corrected one. Cheers, Theo -------------- next part -------------- diff -Naur openssh-1.2.3-dist/sshd.c openssh-1.2.3/sshd.c --- openssh-1.2.3-dist/sshd.c Fri Mar 31 23:04:10 2000 +++ openssh-1.2.3/sshd.c Fri Mar 31 23:24:21 2000 @@ -1121,6 +1121,7 @@ struct stat st; struct group *grp; int i; + char*shell; #ifdef WITH_AIXAUTHENTICATE char

The primary purpose of the attached patches is for portable OpenSSH to support changing expired passwords as specified in shadow password files. To support that, I did a couple enhancements to the base OpenBSD OpenSSH code. They are: 1. Consolidated the handling of "forced_command" into a do_exec() function in session.c. These were being handled inconsistently and allocated

The following are patches against openssh 2.1.1p4 to add support for the BSD_AUTH authentication mechanisms. It allows the use of non-challenge/response style mechanisms (which styles are allowed my be limited by appropriate auth-ssh entries in login.conf). The patches also add support for calling setusercontext for the appropriate class when called with a command (so that the PATH, limits,

Good day - Please can OpenSSH provide some way of specifying which shell to use to execute commands on a host. For the account I need to use, the user's password shell is not acceptable, (a ten year old version of bash 3.0) and cannot be changed without weeks or months of burocracy , if at all. I built & installed the latest bash under that account, in the ~/bin directory, but SSH will

This patch revive almost all login.conf and password/account expiration features, makes OpenSSH more FreeBSD login compatible and fix non-critical memory leak. Please review and commit. --- sshd.c.old Fri Feb 25 08:23:45 2000 +++ sshd.c Sun Feb 27 02:53:33 2000 @@ -37,9 +37,8 @@ #endif /* LIBWRAP */ #ifdef __FreeBSD__ -#include <libutil.h> -#include <syslog.h> #define LOGIN_CAP

Under Aix directories have the mode 024xxxx instead of the customary 04xxxx. Because of this when you sync a directory to or from an Aix system it's never up to date. Here is a patch which fixes this. It causes rsync to look at only the bits that chmod actually influences, 07777, when deciding whether or not the modes differ. I was surprised there wasn't an existing constant for 07777,

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

http://bugzilla.mindrot.org/show_bug.cgi?id=453 Summary: [PATCH] The SHELL env variable is set incorrectly, when shell is overridden from login.conf. Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: sshd

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

Previously if you were root, and you tried to change directory into a directory which was not owned by you and not readable (eg. 0700 bin:bin), it would fail. This doesn't fail on regular directories because when you are root the kernel just ignores permissions. Although libguestfs in general tries not to duplicate kernel code, in the case where we emulate the FUSE access(2) system call,

This is an attempt to simplify the AIX expiry-via-passwd stuff and make it more generic. (There's actually a net reduction in #ifdefs). Patch against CVS: 1) configure finds passwd. 2) sshd uses passwd during session if required. 3) sshd uses passwd for PAM change if privsep disabled. 4) sshd uses Buffers for expire and post-login messages (no longer AIX specific). 5) password_change_required

Attached is a simple patch which allows an auth param 'shell=' like 'command=' When specified, sshd will use this shell instead of the one in /etc/passwd or the default shell. This patch allows you can have some chrooted shell (actually any shell) associated with a specific key. You could do this with command=, but then the command given to ssh will be ignored, and scp will not

Hi All. First the questions: Is there anything objectionable in this patch? Is AUDIT_FAIL_AUTH appropriate for the "Reason" field? Now the details: attached is a patch that changes some of the #includes for AIX. It moves the AIX-specific includes to port-aix.h and adds includes that contain the prototypes for many of the authentication functions. The idea isto fix some warnings.

Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it

Hi, I have made a patch for AIX to report the number of days till a password expire and to prompt for a new one. This patch was made for openssh-SNAP-20010904.tar.gz (2.9p2) of the CVS repository. If you have any suggestion or question to submit, please cc to me, I'm not in the list. Bye -- Pablo Sor Departamento de Seguridad Informatica - AFIP psor at afip.gov.ar, psor at ccc.uba.ar

The patch below follows changes in AIX utmp handling made between AIX 4.3.3 and 5.1. With it, utmp entries are properly recorded again. The patch applies to OpenSSH 3.1p1, and seems to work fine. The co-worker who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3 systems. Richard ------- *** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001 ---

Hi Aki and Remo, switch from vpopmail driver to SQL driver (if you are using vpopmail with mysql as backend) is very simple. First you need to setup the right query for vpopmail database: # cat /etc/dovecot/dovecot-sql.conf.ext ### Vpopmail driver = mysql connect = host=192.168.1.2 dbname=vpopmail user=vpopmail password=Vp0pM4iL default_pass_scheme = MD5-CRYPT ### Query to get a list of all

Hi Folks, While compiling and testing openssh-2.5.2p2 on various AIX platforms, I've found that ssh will not accept root (based on ssh key credentials) logins at all if the AIX security features have been set to disallow remote root logins. If I disable the AIX security feature (enable remote root logins), I can then do bad things like rsh, telnet, etc. into the box as root. This deviates

Hi All. As noted in a previous post, the logging of failed user logins is somewhat spread out. This patch creates a record_failed_login() function in sshlogin.c and moves the AIX and UNICOS code to it, eliminating 3 #ifdefs from the main code. It also provides an obvious place to add the code for any other platforms that support this. I've tested this on AIX 4.3.3. Wendy Palm was kind