mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-26 11:23:15 +00:00
- (bal) Disable Privsep for Tru64 after pre-authentication due to issues
with SIA. Also, clean up of tru64 support patch by Chris Adams <cmadams@hiwaay.net>
parent
a5a2648b81
commit
c8c548d248
@ -10,6 +10,9 @@
|
||||
- (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
|
||||
- (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
|
||||
guessing rules)
|
||||
- (bal) Disable Privsep for Tru64 after pre-authentication due to issues
|
||||
with SIA. Also, clean up of tru64 support patch by Chris Adams
|
||||
<cmadams@hiwaay.net>
|
||||
|
||||
20030318
|
||||
- (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
|
||||
@ -1235,4 +1238,4 @@
|
||||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||
ok provos@
|
||||
|
||||
$Id: ChangeLog,v 1.2636 2003/03/21 01:05:37 mouring Exp $
|
||||
$Id: ChangeLog,v 1.2637 2003/03/21 01:18:09 mouring Exp $
|
||||
|
@ -43,6 +43,10 @@ It does not function on HP-UX with a trusted system
|
||||
configuration. PAMAuthenticationViaKbdInt does not function with
|
||||
privsep.
|
||||
|
||||
On Compaq Tru64 Unix, only the pre-authentication part of privsep is
|
||||
supported. Post-authentication privsep is disabled automatically (so
|
||||
you won't see the additional process mentioned below).
|
||||
|
||||
Note that for a normal interactive login with a shell, enabling privsep
|
||||
will require 1 additional process per login session.
|
||||
|
||||
@ -58,4 +62,4 @@ process 1005 is the sshd process listening for new connections.
|
||||
process 6917 is the privileged monitor process, 6919 is the user owned
|
||||
sshd process and 6921 is the shell process.
|
||||
|
||||
$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $
|
||||
$Id: README.privsep,v 1.11 2003/03/21 01:18:09 mouring Exp $
|
||||
|
47
auth-sia.c
47
auth-sia.c
@ -45,27 +45,25 @@ extern ServerOptions options;
|
||||
extern int saved_argc;
|
||||
extern char **saved_argv;
|
||||
|
||||
extern int errno;
|
||||
|
||||
int
|
||||
auth_sia_password(Authctxt *authctxt, char *pass)
|
||||
{
|
||||
int ret;
|
||||
SIAENTITY *ent = NULL;
|
||||
const char *host;
|
||||
char *user = authctxt->user;
|
||||
|
||||
host = get_canonical_hostname(options.verify_reverse_mapping);
|
||||
|
||||
if (pass[0] == '\0')
|
||||
if (!authctxt->user || !pass || pass[0] == '\0')
|
||||
return(0);
|
||||
|
||||
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,
|
||||
NULL) != SIASUCCESS)
|
||||
if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
|
||||
NULL, 0, NULL) != SIASUCCESS)
|
||||
return(0);
|
||||
|
||||
if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
|
||||
error("Couldn't authenticate %s from %s", user, host);
|
||||
error("Couldn't authenticate %s from %s", authctxt->user,
|
||||
host);
|
||||
if (ret & SIASTOP)
|
||||
sia_ses_release(&ent);
|
||||
return(0);
|
||||
@ -77,48 +75,35 @@ auth_sia_password(Authctxt *authctxt, char *pass)
|
||||
}
|
||||
|
||||
void
|
||||
session_setup_sia(char *user, char *tty)
|
||||
session_setup_sia(struct passwd *pw, char *tty)
|
||||
{
|
||||
struct passwd *pw;
|
||||
SIAENTITY *ent = NULL;
|
||||
const char *host;
|
||||
|
||||
host = get_canonical_hostname (options.verify_reverse_mapping);
|
||||
host = get_canonical_hostname(options.verify_reverse_mapping);
|
||||
|
||||
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
|
||||
NULL) != SIASUCCESS) {
|
||||
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty,
|
||||
0, NULL) != SIASUCCESS)
|
||||
fatal("sia_ses_init failed");
|
||||
}
|
||||
|
||||
if ((pw = getpwnam(user)) == NULL) {
|
||||
sia_ses_release(&ent);
|
||||
fatal("getpwnam: no user: %s", user);
|
||||
}
|
||||
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
|
||||
sia_ses_release(&ent);
|
||||
fatal("sia_make_entity_pwd failed");
|
||||
}
|
||||
|
||||
ent->authtype = SIA_A_NONE;
|
||||
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) {
|
||||
fatal("Couldn't establish session for %s from %s", user,
|
||||
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
|
||||
fatal("Couldn't establish session for %s from %s",
|
||||
pw->pw_name, host);
|
||||
|
||||
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
|
||||
fatal("Couldn't launch session for %s from %s", pw->pw_name,
|
||||
host);
|
||||
}
|
||||
|
||||
if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
|
||||
sia_ses_release(&ent);
|
||||
fatal("setpriority: %s", strerror (errno));
|
||||
}
|
||||
|
||||
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) {
|
||||
fatal("Couldn't launch session for %s from %s", user, host);
|
||||
}
|
||||
|
||||
sia_ses_release(&ent);
|
||||
|
||||
if (setreuid(geteuid(), geteuid()) < 0) {
|
||||
if (setreuid(geteuid(), geteuid()) < 0)
|
||||
fatal("setreuid: %s", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
|
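Review bot: session_setup_sia() now dereferences its `pw` argument with no NULL check (`pw->pw_name` in the sia_ses_init() call and in both fatal() messages), where the lines this section appears to drop looked the user up with getpwnam() and called fatal() when that failed. The +/- markers are lost on this page, so which side each line belongs to is inferred from the duplicated pairs. A guard at the top of the function, `if (pw == NULL) fatal("session_setup_sia: no passwd entry");`, would keep the fail-closed behaviour if a caller ever hands in an unset entry. The closing `setreuid(geteuid(), geteuid())` would also benefit from a one-line comment such as `/* make the real uid match the effective uid now that the SIA session has been launched */`, because the ordering relative to sia_ses_launch() is what matters there.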
@ -27,6 +27,6 @@
|
||||
#ifdef HAVE_OSF_SIA
|
||||
|
||||
int auth_sia_password(Authctxt *authctxt, char *pass);
|
||||
void session_setup_sia(char *user, char *tty);
|
||||
void session_setup_sia(struct passwd *pw, char *tty);
|
||||
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
|
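Review bot: The new prototype `void session_setup_sia(struct passwd *pw, char *tty);` names `struct passwd` in a parameter list, and no include or declaration of that type is visible in this hunk. If a file includes this header before `<pwd.h>`, the struct is declared with prototype scope only, and the declaration no longer matches the definition in auth-sia.c. Adding `struct passwd;` above the prototypes, inside the `#ifdef HAVE_OSF_SIA`, would make the header self-contained. The top of the header is outside the hunk, so this may already be covered there.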
@ -1,4 +1,4 @@
|
||||
# $Id: configure.ac,v 1.112 2003/03/21 00:34:34 mouring Exp $
|
||||
# $Id: configure.ac,v 1.113 2003/03/21 01:18:09 mouring Exp $
|
||||
|
||||
AC_INIT
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
@ -331,6 +331,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_OSF_SIA)
|
||||
AC_DEFINE(DISABLE_LOGIN)
|
||||
AC_DEFINE(DISABLE_FD_PASSING)
|
||||
LIBS="$LIBS -lsecurity -ldb -lm -laud"
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
|
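Review bot: `AC_DEFINE(DISABLE_FD_PASSING)` sits in the HAVE_OSF_SIA branch without a comment, and its name says nothing about privilege separation, which the commit message and the README.privsep text give as the purpose of this change. If this define is what switches off post-authentication privsep on Tru64 (the code that consumes it is not on this page), someone tidying the configure script later could remove it and change the privilege model without noticing. A comment on the line before it, such as `# SIA needs privileges after authentication; this also disables post-auth privsep on Tru64 (see README.privsep)`, would record that. The enclosing case branch starts and ends outside the hunk.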
@ -1321,7 +1321,7 @@ do_child(Session *s, const char *command)
|
||||
*/
|
||||
if (!options.use_login) {
|
||||
#ifdef HAVE_OSF_SIA
|
||||
session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
|
||||
session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
|
||||
if (!check_quietlogin(s, command))
|
||||
do_motd();
|
||||
#else /* HAVE_OSF_SIA */
|
||||
|