Displaying 20 results from an estimated 600 matches similar to: "uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)"
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH. Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in). I
thought I had checked that, but I guess I missed it.
Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator
2001 Feb 12
2
OSF_SIA bug in 2.3.0p1
Is anyone maintaining the OSF_SIA support in openssh? This seems to be an
obvious bug triggered if you try to connect as a non-existant user.
>From auth1.c line 459
#elif defined(HAVE_OSF_SIA)
(sia_validate_user(NULL, saved_argc, saved_argv,
get_canonical_hostname(), pw->pw_name, NULL, 0,
NULL, "") == SIASUCCESS)) {
#else /*
2003 Feb 27
0
Update for Tru64 Unix
Here is a long-overdue (sorry about that) patch for Tru64. It is pretty
minor mostly (minor formatting and removal of a couple of unneeded
calls), and it disables post-auth privsep (so that OpenSSH will work
"out of the box" on Tru64, avoiding the many questions).
I'm also looking at getting setproctitle working. For Tru64 4.x, it
isn't a big deal (normal PS_USE_CLOBBER_ARGV
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
I have found the following patches to be desirable for using sshd on a
Tru64 UNIX system with the Kerberos 5 SIA module (libsia_krb5.so) from
Heimdal.
These patches do the following:
1) preserve context between the password authentication and the session
setup phases. This is necessary because the Heimdal SIA module stores
Kerberos context information as mechanism-specific data in
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
Ok.. I need wider testing for this. I'm getting reports back it works
mostly. 'ssh site ls' fails, but they can login with Privsep enbled.
Can I get those who are using Tru64 or OSF/1 that have SIA enabled to
test? This should apple to either -cvs or the current snapshot (I would
perfer not to use 3.4p1 due to bugs).
I'm going on a trip next week and will be around very spotty
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
This privsepifies OSF/1 SIA, but I'm still being told the same error
occurs. I'm stumped.
Without an OSF/1 box near me I can't do too much more help unless someone
can either tell me what is wrong or show me why SIA is failing in their
logs.
(And tell me if it's different w/ or w/out this patch)
- Ben
Index: auth-sia.c
2002 Jun 28
0
Newer OSF patch.
It still is not right, but thanks to Steve we have gotten this far..
The issue seems to be here:
debug3: entering: type 26
debug3: entering
debug1: session_new: init
debug1: session_new: session 0
debug3: entering: type 26
: sendmsg(12): Invalid argument
debug1: Calling cleanup 0x1200365c0(0x14000d9d8)
debug1: session_pty_cleanup: session 0 release /dev/ttyp4
debug1: Calling cleanup
2001 Mar 21
1
Tru64 UNIX SIA in 2.5.2p1 is hosed (still)
The recent patch posted by Steve VanDevender <stevev at darkwing.uoregon.edu>
for fixing the session code on Tru64 isn't quite right -- it still fails
in the case of NO tty being allocated.
The problem is that s->tty is a char[TTYSZ] rather than a char *, and
hence can't hold a NULL. Calling sia_ses_init() with the tty being an
empty string doesn't signify no tty, and
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places.
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
Either this never made it to the list or no one cares about Tru64. This
is the last time I'll send this patch to the list. If no one steps up and
finishes it or provides me with enough information to fix any remaining
bugs (one being complaint that 'ssh site cmd' does not work right).
If there is no activity on this for a week. I'll post it to bugzilla and
will ignore any
2001 Dec 19
0
Patch for DU SIA auth
Hello. The following is a patch against OpenSSH 3.0.2p1 to fix OpenSSH's
handling of Tru64 SIA authentication. The main changes are to make the
SIAENTITY a global variable (so that it remains persistent across function
calls), initialization only happens once, the session is only released
once. This makes SIA modules that require authentication in order to
perform certain actions during the
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi-
Under privsep, I experimented with moving the session_setup_sia() out of
do_child() and into do_setusercontext(), which is where the uids/gids are set
to the final execution user. The call is made with a NULL tty, and this
is functional provided that any later pty allocation uses grantpty() to
set the device permissions. Logging in with this method shows that a utmp
entry does get made for
2006 Sep 14
3
[PATCH] PermitRootLogin woes
Hi all,
among other things, we provide shell access to various unix based
platforms for our students and university staff. Recently, there has been
increasing number of root login attacks on one particular Tru64 machine
running OpenSSH.
The host is configured with "PermitRootLogin no" but every once in a while
SIA auth with TCB enhanced security locks the root account.
I suppose
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2002 Aug 29
3
tru64 patch: openssh-SNAP-20020826.tar.gz does not contain 'configure', so how to build?
Hi-
Since the tru64 patch was designed for -current, I thought I would try
to build it with a recent snapshot before backporting to 3.4p1.
So I downloaded openssh-SNAP-20020826.tar.gz frpm the portable snapshots, but it
does not contain the 'configure' script. I tried copying the 'configure' from
3.4p1, but that does not create a Makefile from the Makefile.in.
Where are the
2001 Feb 13
4
cvs bulid breaks on slackware
cvs code from this morning (about 9am PST) breaks on slackware 7.1 w/ gcc
2.95.2.1 with an undefined reference to session_setup_sia in session.o.
this seems to be the culprit here:
#ifdef HAVE_OSF_SIA
#else /* HAVE_OSF_SIA */
session_setup_sia(pw->pw_name, ttyname);
since i have no idea what that's trying to accomplish (and seems to be a bit
backwards to me from looking
2003 May 20
2
[Bug 445] User DCE Credentials do not get forwarded to child session
http://bugzilla.mindrot.org/show_bug.cgi?id=445
------- Additional Comments From simon at sxw.org.uk 2003-05-21 00:49 -------
The existing code only handles the situation where Kerberos
credentials are created by the OpenSSH's krb5 code. What would appear
to be happening under OSF/1 is that one of the calls used to verify
the users login is, as a by-product, creating the credentials
2018 Nov 29
2
Where to implement user limit settings ?
Hello,
I'm trying to implement setting of user limits (ulimit) in sshd. I'm
not using PAM so I need it in the sshd itself. The task is very simple -
just to put one line calling setup_limits(pw); and link with -lshadow.
But the problem is, where to put this line. I did it in session.c,
in do_child(), like this:
#ifdef HAVE_OSF_SIA
session_setup_sia(pw, s->ttyfd == -1 ? NULL
2000 Jul 05
0
openssh compile error on TRU64 4.0D
L.S
We have a problem compiling the latest ssh (openssh2.1.1p2) on TRU64 Unix
4.0D
we got the following error message
...
auth1.c:507: `saved_argv' undeclared (first use in this function)
....
auth1.c:509: warning: passing arg 4 of `sia_validate_user' discards
qualifiers from pointer target type
*** Exit 1
where line 509 ===>
(sia_validate_user(NULL, saved_argc, saved_argv,