[Bug 937] ssh2 pubkey auth broken by user:style syntax

bugzilla-daemon at bugzilla.mindrot.org
Sat Sep 10 20:07:50 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=937

Patric Stout <patric.stout at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2080|0                           |1
        is obsolete|                            |

--- Comment #3 from Patric Stout <patric.stout at gmail.com> 2011-09-10 20:07:50 EST ---
Created attachment 2081
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2081
Support Pubkeys with :style loginname

Although the last patch was valid, it was both applied to Debian
source and tested without privileged mode.

This brought a few other things to light.

It turns out several places send ->pw->pw_name to ->user in the
monitor, causing validations to fail (user-mismatch).

Although everywhere else ->pw->pw_name and ->user are used when needed,
auth2-pam is an exception. It uses ->user, where it should be using
->pw->pw_name.

All these small problems are combined in the
attached patch. The changes to auth2-pam.c should be considered
separate. They are related to this bug, but are a problem on their own
which should be addressed.

With auth2-pam.c changes, there is no need to send the username to the
monitor separately.

To stop talking so much: lastly, to solve this bug it was necessary to
send the real username in the authserv package. I don't know if it is
in its place there, but it felt good to place it there.

The default remarks hold: I am not an OpenSSH expert, so I don't know
the impact in other parts of this patch. It works for me. Also, I only
tested it with protocol 2.
