Displaying 20 results from an estimated 1000 matches similar to: "possible deadcodes in sources"
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167
Bug ID: 2167
Summary: Connection remains when fork() fails.
Product: Portable OpenSSH
Version: 5.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2006 Sep 12
1
openssh (OpenBSD) , bsdauth and tis authsrv
nuqneH,
I've tried using TIS authsrv authentication via bsd auth and found
it quite limited. The most important restriction it does not log
ip and fqdn of the remote peer, nor the application name, to
the authentication server. It does not matter much for TIS authsrv,
but since other applications do provide such information, our
authsrv version uses it for extra authentication restrictions.
2006 Mar 29
7
sshd config parser
Hi All.
For various reasons, we're currently looking at extending (or even
overhauling) the config parser used for sshd_config.
Right now the syntax I'm looking at is a cumulative "Match" keyword that
matches when all of the specified criteria are met. This would be
similar the the Host directive used in ssh_config, although it's still
limiting (eg you can't easily
2023 Dec 20
2
[PATCH RESEND 0/2] Permit %L and %l percent escapes in Include
Using these escapes, the include directive can be crafted to include
differing, host-specific configuration.
Ronan Pigott (2):
Permit %L and %l percent escapes in ssh Include
Permit %L and %l percent escapes in sshd Include
readconf.c | 16 +++++++++++++---
servconf.c | 17 ++++++++++++++---
2 files changed, 27 insertions(+), 6 deletions(-)
base-commit:
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2001 Aug 15
1
ProxyCommand broken in SNAP-20010814
For some odd reason, one line was removed from the handling of
ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string)
when it parses this option.
--- readconf.c:X Mon Aug 6 23:35:52 2001
+++ readconf.c Wed Aug 15 16:11:44 2001
@@ -475,6 +475,7 @@
case oProxyCommand:
charptr = &options->proxy_command;
+ string = xstrdup("");
while ((arg =
2007 Apr 10
6
[PATCH 0/6] openssh V_4_6: minor fixes/cleanups
This patch series consists of minor fixes and cleanups I made during
update to openssh V_4_6 branch.
openssh/auth-pam.c | 9 ++++-----
openssh/auth2.c | 2 --
openssh/readconf.c | 7 ++++---
openssh/servconf.c | 14 ++++++++------
openssh/sftp-server.c | 9 ++++++---
openssh/sshd.c | 2 +-
6 files changed, 23 insertions(+), 20 deletions(-)
--
ldv
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2023 Nov 14
1
[PATCH v3 1/2] Permit %L and %l percent escapes in ssh Include
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific ssh
configuration.
---
readconf.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/readconf.c b/readconf.c
index a2282b562df0..ad47d0e9730a 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1030,7 +1030,8 @@
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2002 Sep 30
2
[PATCH] Allow "ProxyCommand none" in ssh_config
Hi!
As discussed in the thread "Question regarding patch for
ProxyCommand setting".
The patch is rather straight forward; maybe it would be a good
idea to improve it in a way that it uses a list of string options
that may have a "none" value to reset it to NULL.
Ciao
Thomas
-------------- next part --------------
Index: readconf.c
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
Either this never made it to the list or no one cares about Tru64. This
is the last time I'll send this patch to the list. If no one steps up and
finishes it or provides me with enough information to fix any remaining
bugs (one being complaint that 'ssh site cmd' does not work right).
If there is no activity on this for a week. I'll post it to bugzilla and
will ignore any
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and