Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Sender: cygwin-owner AT sourceware DOT cygnus DOT com
Delivered-To: mailing list cygwin AT sourceware DOT cygnus DOT com
Message-ID: <3930E5F3.C71178F0@vinschen.de>
Date: Sun, 28 May 2000 11:25:07 +0200
From: Corinna Vinschen
Reply-To: cygwin
X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.14 i686)
X-Accept-Language: de, en
MIME-Version: 1.0
To: Prentis Brooks
CC: cygwin
Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Prentis Brooks wrote:
> different from what I was looking to do. Would you mind telling me how you
> solved the problem of unauthorized access to another account?
> (specifically, being able to login to an RSA-enabled SSHD even though your
> RSA key is not part of that SSHD's user's authorized_key file.)

Password authentication leads to a valid hToken; any other authentication
leads to hToken == INVALID_HANDLE_VALUE. So after authentication I check
for non-password authentication and equality of getuid() to the uid of the
authenticated user.

==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
 			break;
 		}
+#ifdef __CYGWIN__
+		if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+		    authenticated && getuid() != pw->pw_uid) {
+			packet_disconnect("Authentication rejected for uid %d.", (int) pw->pw_uid);
+			authenticated = 0;
+		}
+#endif
 		/* Raise logging level */
 		if (authenticated || attempt == AUTH_FAIL_LOG ||
==== SNAP ====

Corinna

--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe AT sourceware DOT cygnus DOT com
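Review bot: the `authenticated = 0;` that follows `packet_disconnect(...)` in the `#ifdef __CYGWIN__` block is only reached if packet_disconnect returns to the caller; if it tears the session down and exits, that line is dead and should be dropped, and if it does return, clearing `authenticated` should happen before the disconnect so nothing downstream can observe the stale value. Two further points on the same hunk: the rejection is keyed on `is_winnt`, so as far as these lines show a non-password login to a uid other than sshd's own is still accepted on non-NT hosts, which deserves either a comment saying that is intended or the same rejection there; and the test assumes hToken is INVALID_HANDLE_VALUE for every non-password method, which only holds if hToken is reset to INVALID_HANDLE_VALUE before each attempt in do_authloop, otherwise a token left over from an earlier password attempt in the same loop would let a later RSA attempt pass this check. A one-line comment above `#ifdef __CYGWIN__` stating the rule (non-password authentication is only accepted when sshd already runs as the target uid, since there is no token to switch to that user) would make the intent clear to the next reader.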