Displaying 20 results from an estimated 3000 matches similar to: "Requirement for sshd account since 4.4p1"
2003 Dec 14
1
fakepw auth.c question
this is at the bottom of auth.c. What is it?
struct passwd *
fakepw(void)
{
static struct passwd fake;
memset(&fake, 0, sizeof(fake));
fake.pw_name = "NOUSER";
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
fake.pw_uid = -1;
fake.pw_gid = -1;
fake.pw_class =
2001 Oct 08
1
Ported OpenSSH 2.9.9p2 to Dynix
Hello Porters,
I've finally (thanks to Wendy Palm of Cray) ported OpenSSH to
Dynix v4.4.4. I had to make sure that "UseLogin" was set to "no" in the
sshd_config file. Also, here are the old-style contextual diffs (obtained
with 'diff -c' on the Dynix box) of the two files I had to change:
*** configure Sat Jun 16 17:09:50 2001
--- configure.new Mon Oct 8
2004 Sep 22
1
[PATCH] permanently_set_uid: Don't try restoring gid on Cygwin
Hi,
the below patch solves the same problem for gids as has already been
solved for uids. Windows has no concept of permanently changing the
identity. It's always possible to revert to the original identity.
Thanks,
Corinna
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.44
diff -p -u -r1.44
2003 Sep 16
2
[PATCH] permanently_set_uid fails on Cygwin :-(
Hi,
I'm terribly sorry that I missed this before 3.7p1 was out. The
permanently_set_uid() function fails on Cygwin since the test to
revert to the saved uid unfortunately works on Cygwin though it
shouldn't. The reason is that a Windows NT process always can
revert to its previous privileges. There's no such concept of
giving up rights in a process permanently. This is only
2001 Apr 25
0
NeXT // Broken _POSIX_SAVED_ID patch
Ok, for those running NeXT and other platforms with broken/missing
_POSIX_SAVED_ID please try this patch, and anyone that has spent any
amount of time dealing with this problem.
I believe it's right.
BTW, this patch is no where near as big as it looks. The patch was
done against an earily version of the tree which had an issue with
white space.
- Ben
--- ../openssh/uidswap.c Sun Apr 22
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep
perhaps we should not call do_setusercontext() after
chroot().
--- sshd.c.orig Fri Jun 21 03:09:47 2002
+++ sshd.c Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
if
2001 Oct 08
2
Porting OpenSSH 2.9.9p2 to Dynix V4.4.4
Hello Porters,
I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host.
I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are
no functions for set{eu,eg}id() that I can find). I configured with
"./configure '--with-libs=-lnsl -lsec'".
Each time I attempt to login, I get this error:
No utmp entry. You must exec "login" from
2004 Jan 25
1
Puzzled about PAM support in OpenSSH-3.7.1p2
I'm trying to understand the code around PAM support in auth2.c and
auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on
FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a
captive accout for users in a RADIUS database but whose login does not
appear in /etc/passwd or getpwnam().
I understand that if the username is not found in getpwnam(), then the
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2003 Aug 16
0
sftp-server (secure) chroot patch, comment fix
Accidently removed XXX comment. New patch below.
Regards
Magnus
--- openssh-3.6.1p2/sftp-server.c.org 2003-08-11 22:07:47.098650000 +0200
+++ openssh-3.6.1p2/sftp-server.c 2003-08-16 19:07:14.273582000 +0200
@@ -24,15 +24,24 @@
#include "includes.h"
RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $");
+#define CHROOT
#include "buffer.h"
2003 Sep 30
1
[PATCH] sftp-server (secure) chroot patch, 3.7.1p2 update
Hello all,
Here is an updated patch. I published the original patch published on
august 16.
--- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000
+0200
+++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200
@@ -24,6 +24,7 @@
#include \"includes.h\"
RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp
$\");
+#define CHROOT
2005 Jan 26
1
Question about a recent change to uidswap.c in the portability snapshot
A change was recently introduced into uidswap.c to cover the case where
the user is root. The change is "&& pw->pw_uid != 0 &&".
/* Try restoration of GID if changed (test clearing of saved
gid) */
if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
(setgid(old_gid) != -1 || setegid(old_gid) != -1))
2003 Aug 16
0
sftp-server (secure) chroot patch?
Hello,
I know this chroot issue has been brought up many times before on this list. I saw that the contribibuted chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course was that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isnt in the src) but I believe a lot of users
2005 Feb 19
0
[PATCH]: uidswap.c: Drop uid 0 check on Cygwin
Hi,
the below patch drops another test for uid 0 on Cygwin. It's embarassing
that I never found it. Actually temporarily_use_uid never worked on
Cygwin due to that.
So far that had no influence, but now that we have activated another
feature which makes Cygwin more POSIX-like, somebody on the Cygwin list
found that agent forwarding didn't work anymore. The reason is that
due to the
2001 Jun 21
1
pw_expire/pw_change in current portable openssh CVS bombs
The references to pw_expire and pw_change in pwcopy() in misc.c cause
compilation errors at least on solaris. How about doing a memcpy of the
whole structure and only explicitly setting those that need xstrdup?
That would work on openbsd and everywhere else.
- Dave Dykstra
--- misc.c.O Thu Jun 21 11:35:28 2001
+++ misc.c Thu Jun 21 11:36:09 2001
@@ -125,14 +125,10 @@
{
struct passwd *copy =
2018 Oct 04
0
vpopmail
Quoting Rick Romero <rick at havokmon.com>:
> Quoting Eric Broch <ebroch at whitehorsetc.com>:
>
>> On 10/4/2018 7:27 AM, Rick Romero wrote:
>>> Quoting Eric Broch <ebroch at whitehorsetc.com
>>> <mailto:ebroch at whitehorsetc.com>>:
>>>
>>>> On 10/4/2018 6:34 AM, Rick Romero wrote:
>>>>> ?
>>>
2018 Oct 04
0
vpopmail
On 10/4/2018 7:27 AM, Rick Romero wrote:
>
> Quoting Eric Broch <ebroch at whitehorsetc.com
> <mailto:ebroch at whitehorsetc.com>>:
>
>>
>> On 10/4/2018 6:34 AM, Rick Romero wrote:
>>>
> Quoting Aki Tuomi <aki.tuomi at open-xchange.com
> <mailto:aki.tuomi at open-xchange.com>>:
>
>> On 03.10.2018 23:30, Eric Broch wrote:
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no
wider than int. GCC complains about this assumption on 32-bit Solaris
8 sparc, where these types are 'long', not 'int'. This isn't an
actual problem at runtime on this host, as long and int are the same
width, but it is a problem on other hosts where pid_t is wider than
int. E.g., I've heard that 64-bit
2016 Dec 28
0
Help with httpd userdir recovery
On 12/27/2016 08:20 PM, John Fawcett wrote:
> On 12/28/2016 01:43 AM, John Fawcett wrote:
>> On 12/28/2016 01:12 AM, Robert Moskowitz wrote:
>>> On 12/27/2016 07:06 PM, John Fawcett wrote:
>>>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote:
>>>>> On 12/27/2016 05:44 PM, John Fawcett wrote:
>>>>>> That error should be caused by having
2001 Apr 22
1
relaxing access rights verifications
Hello,
I was trying to build a chrooted sftp account when I faced a problem. The
chroot is done with the patch present in the contrib subdirectory in the
portable version (I'm under linux slackware current).
My problem is that verifying access rights on directories and files are too
tight and then I couldn't have the following things :
The user sftp, with primary group sftp, is chrooted