public inbox for cygwin@cygwin.com
From: Corinna Vinschen <corinna@vinschen.de>
To: Prentis Brooks <prentis@aol.net>
Cc: cygwin <cygwin@sourceware.cygnus.com>
Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Date: Sun, 28 May 2000 02:52:00 -0000
Message-ID: <3930E5F3.C71178F0@vinschen.de>
In-Reply-To: <NEBBLEPLMLJEEFHAGMDMEECLCAAA.prentis@aol.net>

Prentis Brooks wrote:
> different from what I was looking to do.  Would you mind telling me how you
> solved the problem of unauthorized access to another account?
> (specifically, being able to login to RSA enabled SSHD even though your RSA
> key is not part of that SSHD's user's authorized_key file.)

Password authentication leads to a valid hToken, any
other authentication leads to hToken == INVALID_HANDLE_VALUE.
So after authentication I check for non-password authentication
and equality of getuid() to uid of authenticated user.

==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
                        break;
                }

+#ifdef __CYGWIN__
+                if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+                    authenticated && getuid() != pw->pw_uid) {
+                        packet_disconnect("Authentication rejected for
uid %d.", (int) pw->pw_uid);
+                        authenticated = 0;
+                }
+#endif
                /* Raise logging level */
                if (authenticated ||
                    attempt == AUTH_FAIL_LOG ||
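
Review bot: `authenticated = 0;` is placed after `packet_disconnect(...)` in the new `__CYGWIN__` block, and OpenSSH's packet_disconnect() sends the disconnect message and exits without returning, so that assignment never executes. Clear the flag before the call instead, so the rejection still holds if the disconnect path is ever changed to return. The condition also relies on `hToken == INVALID_HANDLE_VALUE` meaning "authenticated by something other than a password", which is only stated in the accompanying message; a short comment above the `if` recording that invariant would make the check understandable from the source alone.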
==== SNAP ====

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company
