This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
- To: Prentis Brooks <prentis at aol dot net>
- Subject: Re: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
- From: Corinna Vinschen <corinna at vinschen dot de>
- Date: Sun, 28 May 2000 11:25:07 +0200
- CC: cygwin <cygwin at sourceware dot cygnus dot com>
- References: <NEBBLEPLMLJEEFHAGMDMEECLCAAA.prentis@aol.net>
- Reply-To: cygwin <cygwin at sourceware dot cygnus dot com>
Prentis Brooks wrote:
> different from what I was looking to do. Would you mind telling me how you
> solved the problem of unauthorized access to another account?
> (specifically, being able to login to RSA enabled SSHD even though your RSA
> key is not part of that SSHD's user's authorized_key file.)
Password authentication leads to a valid hToken; any
other authentication leads to hToken == INVALID_HANDLE_VALUE.
So after authentication I check for non-password authentication
and equality of getuid() to the uid of the authenticated user.
==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
break;
}
+#ifdef __CYGWIN__
+ if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+ authenticated && getuid() != pw->pw_uid) {
+ packet_disconnect("Authentication rejected for
uid %d.", (int) pw->pw_uid);
+ authenticated = 0;
+ }
+#endif
/* Raise logging level */
if (authenticated ||
attempt == AUTH_FAIL_LOG ||
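Review bot: the string literal in `packet_disconnect("Authentication rejected for` is split across two lines in the hunk, so the code will not compile as shown; if this is mail wrapping, the call should be a single line, `packet_disconnect("Authentication rejected for uid %d.", (int) pw->pw_uid);`. Also, the `authenticated = 0;` that follows only takes effect if `packet_disconnect()` returns; if it closes the connection and exits, that assignment is dead and the rejection is never reflected in the "Raise logging level" branch below, so consider logging the rejected uid before disconnecting so the failed attempt appears in the server log.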
==== SNAP ====
Corinna
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company