From: Corinna Vinschen <corinna@vinschen.de>
To: Prentis Brooks <prentis@aol.net>
Cc: cygwin <cygwin@sourceware.cygnus.com>
Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Date: Sun, 28 May 2000 02:52:00 -0000
Message-ID: <3930E5F3.C71178F0@vinschen.de>
In-Reply-To: <NEBBLEPLMLJEEFHAGMDMEECLCAAA.prentis@aol.net>
Prentis Brooks wrote:
> different from what I was looking to do. Would you mind telling me how you
> solved the problem of unauthorized access to another account?
> (specifically, being able to login to RSA enabled SSHD even though your RSA
> key is not part of that SSHD's user's authorized_key file.)
Password authentication leads to a valid hToken, any
other authentication leads to hToken == INVALID_HANDLE_VALUE.
So after authentication I check for non-password authentication
and equality of getuid() to uid of authenticated user.
==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
break;
}
+#ifdef __CYGWIN__
+ if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+ authenticated && getuid() != pw->pw_uid) {
+ packet_disconnect("Authentication rejected for
uid %d.", (int) pw->pw_uid);
+ authenticated = 0;
+ }
+#endif
/* Raise logging level */
if (authenticated ||
attempt == AUTH_FAIL_LOG ||
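Review bot: In the added __CYGWIN__ block, authenticated = 0 is assigned only after packet_disconnect(); if that call does not return, the assignment is dead code, and if it does return, the flag is still set while the disconnect runs. Clearing authenticated before calling packet_disconnect() makes the rejection fail closed either way. The condition also relies on hToken == INVALID_HANDLE_VALUE standing for "authenticated by something other than a password", which is explained only in the mail text; a short comment above the if would record that invariant next to the check. As quoted here, the string literal passed to packet_disconnect() is split across two lines ("Authentication rejected for" / "uid %d."), probably by mail wrapping, and needs rejoining before the hunk will apply and compile.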
==== SNAP ====
Corinna
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company