similar to: [PATCH]: Drop the use of `check_nt_auth'.

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Hi, the following patch is a (hopefully least intrusive) extension when sshd is started so that it daemonizes itself. In that case Windows 9x/Me has a slight problem with sshd as soon as the current user logs off. The sshd daemon will be killed as well. Since installing services is very different between NT and 9x, the way used for NT boxes isn't working well for 9x. For that reason

Hi, the following patch rearranges some checkings in bsd-cygwin-util.c to keep in sync with Cygwin versions. I moved the uname() check into it's own function so that it's easier to add further checks when necessary. Corinna Index: openbsd-compat/bsd-cygwin_util.c =================================================================== RCS file:

Hi, the attached patch file contains two patches in one: - contrib/cygwin/ssh-host-config: Create sshd_config according to latest changes. - openbsd-compat/bsd-cygwin_util.c: Rewrite a bit to allow easier retrieval of Cygwin capabilities from version number (uname). For Cygwin versions beginning with API minor version 56 assume ntsec being on by default. Thanks in advance for applying

Hi, attached is a patch which solves the following problem: Sometimes scp could hang in Cygwin when used as remote end using the -t option. This is due to a binmode/textmode problem which could be raised by the login shell which is used by the user and it's setting of textmode on stdin. The patch solves that problem by explicitly setting binmode on stdin. Besides solving the hanging

Hi, the following patch checks if OpenSSH is running under a Cygwin version >= 1.3.2 which allows switching user context without password. Otherwise sshd allows changing the user context only if password authentication is used as it was before. Corinna Index: openbsd-compat/bsd-cygwin_util.c =================================================================== RCS file:

Hi, I have left this slip through already too long. When compiling openbsd-compat/bsd-cygwin_util.c, the following warnings appear: openbsd-compat/bsd-cygwin_util.c: In function `binary_open': openbsd-compat/bsd-cygwin_util.c:67: warning: implicit declaration of function `open' openbsd-compat/bsd-cygwin_util.c: In function `binary_pipe': openbsd-compat/bsd-cygwin_util.c:73:

I had to update the Cygwin port for two reasons: - scp could fail because of another textmode/binmode problem. - Privileged ports are not privileged on Windows and there's no coherence between privileged user and uid 0. So I send the complete patch again with the above changes. ChangeLog: ========== - Makefile.in: Changed to support $EXEEXT transparently. Added `cygwin_util.o' to

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

Hi, is it possible to apply the below patch before 3.8.1p1 comes out? Due to a posting on the Cygwin mailing list it turned out, that the prerequisites to allow public key authentication where to tight. Since Cygwin version 1.5.x the so called `ntsec' setting isn't require anymore to allow switching user context without password. The below patch to bsd-cygwin_util.c fixes the test for

On Feb 22 16:02, Darren Tucker wrote: > On Fri, Feb 22, 2019 at 03:32:43PM +1100, Darren Tucker wrote: > > On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote: > > > The previous revert enabled case-insensitive user names again. This > > > patch implements the case-insensitive user and group name matching. > > > To allow Unicode

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

http://bugzilla.mindrot.org/show_bug.cgi?id=118 Summary: Implement TIS (protocol 1) via PAM Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: fcusack at

Dear list, since the order of authentication and AFS token/KRB TGT forwarding changed (around 3.0), we have had problems with users accidentally overwriting their credentials from a "password" login with forwarded credentials. E.g. user A logs in as user B, but stays with the AFS permissions of user A. A workaround is to use "-k" on these sessions, but "it worked without

On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote: > The previous revert enabled case-insensitive user names again. This > patch implements the case-insensitive user and group name matching. > To allow Unicode chars, implement the matcher using wchar_t chars in > Cygwin-specific code. Keep the generic code changes as small as possible. > Cygwin:

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

Hi, the below patch avoids a compile time error on Cygwin, when using gcc 3.4.x. The #ifdef is superfluous anyway. Thanks, Corinna Index: openbsd-compat/mktemp.c =================================================================== RCS file: /cvs/openssh_cvs/openbsd-compat/mktemp.c,v retrieving revision 1.6 diff -p -u -r1.6 mktemp.c --- openbsd-compat/mktemp.c 24 Nov 2003 02:33:34 -0000

Hi, OpenSSH 5.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains a couple of new features and changes and bug fixes. Testing of the new sandboxed privilege separation mode (see below) would be particularly appreciated. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The

Hi, as it turned out on the Cygwin mailing list, the special handling of empty password in auth-passwd.c when running under Windows NT results in problems. Cause: The authentication methode "none" calls auth_password() with an empty password. A piece of HAVE_CYGWIN code allows empty passwords even if PermitEmptyPasswords is set to "no". This in turn results in calling

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));