Mail Archives: cygwin/2000/05/28/05:54:01

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2000/05/28/05:54:01

Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm

List-Subscribe: <mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>

List-Archive: <http://sourceware.cygnus.com/ml/cygwin/>

List-Post: <mailto:cygwin AT sourceware DOT cygnus DOT com>

List-Help: <mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>

Sender: cygwin-owner AT sourceware DOT cygnus DOT com

Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com

Message-ID: <3930E5F3.C71178F0@vinschen.de>

Date: Sun, 28 May 2000 11:25:07 +0200

From: Corinna Vinschen <corinna AT vinschen DOT de>

Reply-To: cygwin <cygwin AT sourceware DOT cygnus DOT com>

X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.14 i686)

X-Accept-Language: de, en

MIME-Version: 1.0

To: Prentis Brooks <prentis AT aol DOT net>

CC: cygwin <cygwin AT sourceware DOT cygnus DOT com>

Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty

bite]

References: <NEBBLEPLMLJEEFHAGMDMEECLCAAA DOT prentis AT aol DOT net>

Prentis Brooks wrote:
> different from what I was looking to do.  Would you mind telling me how you
> solved the problem of unauthorized access to a another account?
> (specifically, being able to login to RSA enabled SSHD eventhough your RSA
> key is not part of that SSHD's user's authorized_key file.)

Password authentication leads to a valid hToken, any
other authentication leads to hToken == INVALID_HANDLE_VALUE.
So after authentication I check for non-password authentication
and equality of getuid() to uid of authenticated user.

==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
                        break;
                }

+#ifdef __CYGWIN__
+                if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+                    authenticated && getuid() != pw->pw_uid) {
+                        packet_disconnect("Authentication rejected for
uid %d.", (int) pw->pw_uid);
+                        authenticated = 0;
+                }
+#endif
                /* Raise logging level */
                if (authenticated ||
                    attempt == AUTH_FAIL_LOG ||
==== SNAP ====

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

Mailing-List:	contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe:	<mailto:cygwin-subscribe AT sourceware DOT cygnus DOT com>
List-Archive:	<http://sourceware.cygnus.com/ml/cygwin/>
List-Post:	<mailto:cygwin AT sourceware DOT cygnus DOT com>
List-Help:	<mailto:cygwin-help AT sourceware DOT cygnus DOT com>, <http://sourceware.cygnus.com/ml/#faqs>
Sender:	cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To:	mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID:	<3930E5F3.C71178F0@vinschen.de>
Date:	Sun, 28 May 2000 11:25:07 +0200
From:	Corinna Vinschen <corinna AT vinschen DOT de>
Reply-To:	cygwin <cygwin AT sourceware DOT cygnus DOT com>
X-Mailer:	Mozilla 4.73 [en] (X11; I; Linux 2.2.14 i686)
X-Accept-Language:	de, en
MIME-Version:	1.0
To:	Prentis Brooks <prentis AT aol DOT net>
CC:	cygwin <cygwin AT sourceware DOT cygnus DOT com>
Subject:	Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty
	bite]
References:	<NEBBLEPLMLJEEFHAGMDMEECLCAAA DOT prentis AT aol DOT net>