This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]


Prentis Brooks wrote:
> different from what I was looking to do.  Would you mind telling me how you
> solved the problem of unauthorized access to a another account?
> (specifically, being able to login to RSA enabled SSHD eventhough your RSA
> key is not part of that SSHD's user's authorized_key file.)

Password authentication leads to a valid hToken, any
other authentication leads to hToken == INVALID_HANDLE_VALUE.
So after authentication I check for non-password authentication
and equality of getuid() to uid of authenticated user.

==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
                        break;
                }

+#ifdef __CYGWIN__
+                if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+                    authenticated && getuid() != pw->pw_uid) {
+                        packet_disconnect("Authentication rejected for
uid %d.", (int) pw->pw_uid);
+                        authenticated = 0;
+                }
+#endif
                /* Raise logging level */
                if (authenticated ||
                    attempt == AUTH_FAIL_LOG ||
==== SNAP ====

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company

--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]