similar to: Patch: remove unused tty variable from session.c

Hi, the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org> allows to use more than one uid on 9x/Me boxes which is currently blocked due to the behaviour of Cygwin's security code. After this patch is applied to sshd, we can safely change the affected code in Cygwin. Thanks, Corinna Index: session.c ===================================================================

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

With 3.3p1 built on AIX 4.3.2: $ ssh [blah] Couldn't set usrinfo: Not owner debug1: Calling cleanup 0x20019080(0x200219a0) debug3: mm_request_send entering: type 27 debug1: Calling cleanup 0x20018dd4(0x0) Connection to songohan closed by remote host. Connection to songohan closed. Output from sshd -d -d -d: ... debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0

Hi All. I tried building -current on Cygwin but got a couple of minor errors. The first is in auth-passwd.c where it appears Ben got a bit over-enthusiastic cleaning up :-). The patch restores the relevant "#ifdef HAVE_CYGWIN" fragment. The second is in the send-break code in session.c, which won't compile because Cygwin apparently doesn't have TIOCSBRK and TIOCCBRK ioctls.

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that all the right #ifdef/#endif bits got put back in

Hi, as it turned out on the Cygwin mailing list, the special handling of empty password in auth-passwd.c when running under Windows NT results in problems. Cause: The authentication methode "none" calls auth_password() with an empty password. A piece of HAVE_CYGWIN code allows empty passwords even if PermitEmptyPasswords is set to "no". This in turn results in calling

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Can we do this? Or should we drop the whole char *tty; ? There will be no way of setting the TTY= correctly while using privsep (Mainly for multiple streams over single session). The only thing we really could do is do: In do_setusercontext() if (use_privsep) aix_usrinfo(pw, NULL); and back in the old spot put: if (!use_privsep) aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty);

Hi, the following patch is a (hopefully least intrusive) extension when sshd is started so that it daemonizes itself. In that case Windows 9x/Me has a slight problem with sshd as soon as the current user logs off. The sshd daemon will be killed as well. Since installing services is very different between NT and 9x, the way used for NT boxes isn't working well for 9x. For that reason

http://bugzilla.mindrot.org/show_bug.cgi?id=101 ------- Additional Comments From wendyp at cray.com 2002-04-23 08:43 ------- updated patches for 22 april snapshot: --- session.c.orig Mon Apr 22 14:36:13 2002 +++ session.c Mon Apr 22 16:31:15 2002 @@ -64,6 +64,10 @@ #define is_winnt (GetVersion() < 0x80000000) #endif +#ifdef _CRAY +#include <tmpdir.h> +#endif /*

Just had a quick glance at the recents diffs of openssh and noted something which looks bogus to me: diff -u -r1.209 -r1.210 --- src/usr.bin/ssh/ssh.c 2004/03/11 10:21:17 1.209 +++ src/usr.bin/ssh/ssh.c 2004/04/18 23:10:26 1.210 @@ -517,16 +517,17 @@ * file if the user specifies a config file on the command line. */ if (config != NULL) { - if (!read_config_file(config, host,

I downloaded openssh-2.5.1p1 as soon as it was on the ftp servers just to get the setluid patch. After compiling and installing on 5.0.5 I saw that the luid still wasn't being set correctly whether sshd was run from inetd or as a daemon from /etc/rc2.d/. I fiddled around and moved the setluid() stuff up higher in session.c and now luid is now being set correctly. I provided a regular diff

http://bugzilla.mindrot.org/show_bug.cgi?id=101 Summary: session.c modifications for correct UNICOS behavior Product: Portable OpenSSH Version: 3.0.2p1 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Hi, the following patch removes some of the Cygwin specific code from OpenSSH. Since Cygwin is able to change the user context on NT/W2K even without a password since the new Cygwin version 1.3.2, there's no need anymore to allow changing the user context only if the sshd user is the same user as the one which logs in or when a password is given. For that reason the whole function

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

I am enclosing a context diff of the changes that I made to get openssh working on UWIN. UWIN is a UNIX operating system layer that runs on Win32 systems. For more information on UWIN go to http://www.research.att.com/sw/tools/uwin/. I also ran configure using -with-cppflags=-D_BSDCOMP=2. I don't know where that information would go with the source code. Let me know if you need more

Hi, the following patch checks if OpenSSH is running under a Cygwin version >= 1.3.2 which allows switching user context without password. Otherwise sshd allows changing the user context only if password authentication is used as it was before. Corinna Index: openbsd-compat/bsd-cygwin_util.c =================================================================== RCS file:

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies