[ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Corinna Vinschen
corinna@vinschen.de
Sun May 28 02:52:00 GMT 2000
Prentis Brooks wrote:
> different from what I was looking to do. Would you mind telling me how you
> solved the problem of unauthorized access to another account?
> (specifically, being able to login to RSA enabled SSHD even though your RSA
> key is not part of that SSHD's user's authorized_key file.)
Password authentication leads to a valid hToken; any
other authentication leads to hToken == INVALID_HANDLE_VALUE.
So after authentication I check for non-password authentication
and equality of getuid() to the uid of the authenticated user.
==== SNIP ====
@@ -1498,6 +1529,13 @@ do_authloop(struct passwd * pw)
break;
}
+#ifdef __CYGWIN__
+ if (is_winnt && hToken == INVALID_HANDLE_VALUE &&
+ authenticated && getuid() != pw->pw_uid) {
+ packet_disconnect("Authentication rejected for
uid %d.", (int) pw->pw_uid);
+ authenticated = 0;
+ }
+#endif
/* Raise logging level */
if (authenticated ||
attempt == AUTH_FAIL_LOG ||
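Review bot: the string literal in the packet_disconnect() call is broken across two lines as shown ("Authentication rejected for" / "uid %d."), which is not valid C; if this is only mail wrapping it is harmless, otherwise join it into one line before applying. A short comment above the condition stating the invariant it relies on (hToken == INVALID_HANDLE_VALUE means no password authentication took place, so the daemon cannot switch to pw->pw_uid) would make the intent clearer than the bare handle comparison, and it is worth stating why the guard is limited to is_winnt. The `authenticated = 0;` after packet_disconnect() only has an effect if that call returns to the caller.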
==== SNAP ====
Corinna
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company