mirror of git://anongit.mindrot.org/openssh.git
- (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
<cmadams@hiwaay.net> with a little modification and KNF.
This commit is contained in:
parent
116b6bdda8
commit
92ddb7d6f0
|
@ -6,6 +6,8 @@
|
|||
from Nalin Dahyabhai <nalin@redhat.com>
|
||||
- (bal) Missing function prototype in bsd-snprintf.c patch by
|
||||
Mark Miller <markm@swoon.net>
|
||||
- (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
|
||||
<cmadams@hiwaay.net> with a little modification and KNF.
|
||||
|
||||
20010213
|
||||
- (djm) Only test -S potential EGD sockets if they exist and are readable.
|
||||
|
@ -3922,4 +3924,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.757 2001/02/13 14:05:59 mouring Exp $
|
||||
$Id: ChangeLog,v 1.758 2001/02/13 14:25:23 djm Exp $
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: Makefile.in,v 1.150 2001/02/09 13:40:03 djm Exp $
|
||||
# $Id: Makefile.in,v 1.151 2001/02/13 14:25:23 djm Exp $
|
||||
|
||||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
|
@ -48,7 +48,7 @@ LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels
|
|||
|
||||
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
|
||||
|
||||
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o
|
||||
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o
|
||||
|
||||
TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
|
||||
CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh-keyscan.0 ssh.0 sshd.0 sftp-server.0 sftp.0
|
||||
|
|
|
@ -0,0 +1,96 @@
|
|||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
#include "ssh.h"
|
||||
#include "auth-sia.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
|
||||
#include <sia.h>
|
||||
#include <siad.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <setjmp.h>
|
||||
#include <sys/resource.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
|
||||
extern ServerOptions options;
|
||||
extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
|
||||
extern int errno;
|
||||
|
||||
int
|
||||
auth_sia_password(char *user, char *pass)
|
||||
{
|
||||
int ret;
|
||||
SIAENTITY *ent = NULL;
|
||||
const char *host;
|
||||
|
||||
host = get_canonical_hostname(options.reverse_mapping_check);
|
||||
|
||||
if (!user || !pass)
|
||||
return(0);
|
||||
|
||||
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,
|
||||
NULL) != SIASUCCESS)
|
||||
return(0);
|
||||
|
||||
if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
|
||||
error("couldn't authenticate %s from %s", user, host);
|
||||
if (ret & SIASTOP)
|
||||
sia_ses_release(&ent);
|
||||
return(0);
|
||||
}
|
||||
|
||||
sia_ses_release(&ent);
|
||||
|
||||
return(1);
|
||||
}
|
||||
|
||||
void
|
||||
session_setup_sia(char *user, char *tty)
|
||||
{
|
||||
int ret;
|
||||
struct passwd *pw;
|
||||
SIAENTITY *ent = NULL;
|
||||
const char *host;
|
||||
|
||||
host = get_canonical_hostname (options.reverse_mapping_check);
|
||||
|
||||
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
|
||||
NULL) != SIASUCCESS)
|
||||
fatal("sia_ses_init failed");
|
||||
|
||||
if ((pw = getpwnam(user)) == NULL) {
|
||||
sia_ses_release(&ent);
|
||||
fatal("getpwnam(%s) failed: %s", user, strerror(errno));
|
||||
}
|
||||
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
|
||||
sia_ses_release(&ent);
|
||||
fatal("sia_make_entity_pwd failed");
|
||||
}
|
||||
|
||||
ent->authtype = SIA_A_NONE;
|
||||
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
|
||||
fatal("couldn't establish session for %s from %s", user,
|
||||
host);
|
||||
|
||||
if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
|
||||
sia_ses_release(&ent);
|
||||
fatal("setpriority failed: %s", strerror (errno));
|
||||
}
|
||||
|
||||
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
|
||||
fatal("couldn't launch session for %s from %s", user, host);
|
||||
|
||||
sia_ses_release(&ent);
|
||||
|
||||
if (setreuid(geteuid(), geteuid()) < 0)
|
||||
fatal("setreuid failed: %s", strerror (errno));
|
||||
}
|
||||
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
|
||||
int auth_sia_password(char *user, char *pass);
|
||||
void session_setup_sia(char *user, char *tty);
|
||||
|
||||
#endif /* HAVE_OSF_SIA */
|
18
auth1.c
18
auth1.c
|
@ -12,11 +12,6 @@
|
|||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth1.c,v 1.15 2001/02/07 22:35:45 markus Exp $");
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
# include <sia.h>
|
||||
# include <siad.h>
|
||||
#endif
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
#include "ssh1.h"
|
||||
|
@ -36,10 +31,6 @@ extern char *forced_command;
|
|||
#ifdef WITH_AIXAUTHENTICATE
|
||||
extern char *aixloginmsg;
|
||||
#endif /* WITH_AIXAUTHENTICATE */
|
||||
#ifdef HAVE_OSF_SIA
|
||||
extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
|
||||
/*
|
||||
* convert ssh auth msg type into description
|
||||
|
@ -98,6 +89,8 @@ do_authloop(Authctxt *authctxt)
|
|||
#endif
|
||||
#ifdef USE_PAM
|
||||
auth_pam_password(pw, "")) {
|
||||
#elif defined(HAVE_OSF_SIA)
|
||||
0) {
|
||||
#else
|
||||
auth_password(pw, "")) {
|
||||
#endif
|
||||
|
@ -265,11 +258,8 @@ do_authloop(Authctxt *authctxt)
|
|||
authenticated = auth_pam_password(pw, password);
|
||||
#elif defined(HAVE_OSF_SIA)
|
||||
/* Do SIA auth with password */
|
||||
if (sia_validate_user(NULL, saved_argc, saved_argv,
|
||||
get_canonical_hostname(options.reverse_mapping_check),
|
||||
authctxt->user?authctxt->user:"NOUSER", NULL,
|
||||
0, NULL, password) == SIASUCCESS)
|
||||
authenticated = 1;
|
||||
authenticated = auth_sia_password(authctxt->user,
|
||||
password);
|
||||
#else /* !USE_PAM && !HAVE_OSF_SIA */
|
||||
/* Try authentication with the password. */
|
||||
authenticated = auth_password(pw, password);
|
||||
|
|
19
auth2.c
19
auth2.c
|
@ -25,11 +25,6 @@
|
|||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2.c,v 1.40 2001/02/10 12:52:02 markus Exp $");
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
# include <sia.h>
|
||||
# include <siad.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "ssh2.h"
|
||||
|
@ -61,10 +56,6 @@ extern int session_id2_len;
|
|||
#ifdef WITH_AIXAUTHENTICATE
|
||||
extern char *aixloginmsg;
|
||||
#endif
|
||||
#ifdef HAVE_OSF_SIA
|
||||
extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
#endif
|
||||
|
||||
static Authctxt *x_authctxt = NULL;
|
||||
static int one = 1;
|
||||
|
@ -346,10 +337,7 @@ userauth_none(Authctxt *authctxt)
|
|||
#ifdef USE_PAM
|
||||
return auth_pam_password(authctxt->pw, "");
|
||||
#elif defined(HAVE_OSF_SIA)
|
||||
return (sia_validate_user(NULL, saved_argc, saved_argv,
|
||||
get_canonical_hostname(options.reverse_mapping_check),
|
||||
authctxt->user?authctxt->user:"NOUSER", NULL, 0,
|
||||
NULL, "") == SIASUCCESS);
|
||||
return 0;
|
||||
#else /* !HAVE_OSF_SIA && !USE_PAM */
|
||||
return auth_password(authctxt->pw, "");
|
||||
#endif /* USE_PAM */
|
||||
|
@ -374,10 +362,7 @@ userauth_passwd(Authctxt *authctxt)
|
|||
#ifdef USE_PAM
|
||||
auth_pam_password(authctxt->pw, password) == 1)
|
||||
#elif defined(HAVE_OSF_SIA)
|
||||
sia_validate_user(NULL, saved_argc, saved_argv,
|
||||
get_canonical_hostname(options.reverse_mapping_check),
|
||||
authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
|
||||
password) == SIASUCCESS)
|
||||
auth_sia_password(authctxt->user, password) == 1)
|
||||
#else /* !USE_PAM && !HAVE_OSF_SIA */
|
||||
auth_password(authctxt->pw, password) == 1)
|
||||
#endif /* USE_PAM */
|
||||
|
|
20
session.c
20
session.c
|
@ -72,11 +72,6 @@ RCSID("$OpenBSD: session.c,v 1.55 2001/02/08 19:30:52 itojun Exp $");
|
|||
#include <usersec.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_OSF_SIA
|
||||
# include <sia.h>
|
||||
# include <siad.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
#include <windows.h>
|
||||
#include <sys/cygwin.h>
|
||||
|
@ -1051,21 +1046,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
|
|||
switch, so we let login(1) to this for us. */
|
||||
if (!options.use_login) {
|
||||
#ifdef HAVE_OSF_SIA
|
||||
extern char **saved_argv;
|
||||
extern int saved_argc;
|
||||
char *host = get_canonical_hostname(options.reverse_mapping_check);
|
||||
|
||||
if (sia_become_user(NULL, saved_argc, saved_argv, host,
|
||||
pw->pw_name, ttyname, 0, NULL, NULL, SIA_BEU_SETLUID) !=
|
||||
SIASUCCESS) {
|
||||
perror("sia_become_user");
|
||||
exit(1);
|
||||
}
|
||||
if (setreuid(geteuid(), geteuid()) < 0) {
|
||||
perror("setreuid");
|
||||
exit(1);
|
||||
}
|
||||
#else /* HAVE_OSF_SIA */
|
||||
session_setup_sia(pw->pw_name, ttyname);
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt) {
|
||||
#else
|
||||
|
|
Loading…
Reference in New Issue